Univention Bugzilla – Bug 47283
curl: Multiple issues (4.3)
Last modified: 2018-07-04 14:53:54 CEST
New Debian curl 7.52.1-5+deb9u6 fixes:

This update addresses the following issue(s):
* * curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. (CVE-2018-1000301)

7.52.1-5+deb9u6 (Tue, 15 May 2018 23:00:28 +0100)
* Fix heap buffer over-read when parsing bad RTSP headers as per CVE-2018-1000301 https://curl.haxx.se/docs/adv_2018-b138.html

* CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301)

product: ucs
release: "4.3"
version: [1]
scope: ucs_4.3-0-errata4.3-1
src: curl
fix: 7.52.1-5+deb9u6
desc: |
 This update addresses the following issue(s):
 * * curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. (CVE-2018-1000301)
 7.52.1-5+deb9u6 (Tue, 15 May 2018 23:00:28 +0100)
 * Fix heap buffer over-read when parsing bad RTSP headers as per CVE-2018-1000301 https://curl.haxx.se/docs/adv_2018-b138.html
 * CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301)
bug: []
cve:
- CVE-2018-1000301
[4.3-1] cfc0c1a09d Bug #47283: curl 7.52.1-5+deb9u6
 doc/errata/staging/curl.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

<http://10.200.17.11/4.3-1/#4428784599820139931>
Verified:
* Output of automatic checks
* Package update
* Advisory
cdbd9cad8b | Publish also for UCS 4.3-0
<http://errata.software-univention.de/ucs/4.3/127.html>