Univention Bugzilla – Full Text Bug Listing |
Summary: | curl: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-5-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) |
Description
Quality Assurance
2018-11-12 09:18:12 CET
--- mirror/ftp/4.2/unmaintained/4.2-5/source/curl_7.38.0-4+deb8u12.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/curl_7.38.0-4+deb8u13.dsc @@ -1,3 +1,31 @@ +7.38.0-4+deb8u13 [Tue, 06 Nov 2018 19:01:46 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix the following security vulnerabilities: + * CVE-2016-7141: + When built with NSS and the libnsspem.so library is available at runtime, + allows remote attacker to hijack the authentication of a TLS connection by + leveraging reuse of a previously loaded client certificate from file for a + connection for which no certificate has been set, a different + vulnerability than CVE-2016-5420. + * CVE-2016-7167: + Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, + (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl allow + attackerrs to have unspecified impact via a string of length 0xffffffff, + which triggers a heap-based buffer overflow. + * CVE-2016-9586: + Curl is vulnerable to a buffer overflow when doing a large floating point + output in libcurl's implementation of the printf() functions. If there are + any applications that accept a format string from the outside without + necessary input filtering, it could allow remote attacks. + * CVE-2018-16839: + Curl is vulnerable to a buffer overrun in the SASL authentication code that + may lead to denial of service. + * CVE-2018-16842: + Curl is vulnerable to a heap-based buffer over-read in the + tool_msgs.c:voutf() function that may result in information exposure and + denial of service. + 7.38.0-4+deb8u12 [Sat, 08 Sep 2018 11:55:45 +0100] Chris Lamb <lamby@debian.org>: * Fix an NTLM password overflow via integer overflow as per CVE-2018-14618 <http://10.200.17.11/4.2-5/#580695000923150219> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 72d34a53a8 Bug #48131: curl 7.38.0-4+deb8u13 doc/errata/staging/curl.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) |