Univention Bugzilla – Bug 48786
curl: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:34 CET
New Debian curl 7.52.1-5+deb9u9 fixes:

This update addresses the following issues:
* 7.52.1-5+deb9u9 (Mon, 04 Feb 2019 20:55:32 +0000)
* Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890 https://curl.haxx.se/docs/CVE-2018-16890.html
* Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822 https://curl.haxx.se/docs/CVE-2019-3822.html
* Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823 https://curl.haxx.se/docs/CVE-2019-3823.html
--- mirror/ftp/4.3/unmaintained/4.3-3/source/curl_7.52.1-5+deb9u8.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/curl_7.52.1-5+deb9u9.dsc @@ -1,3 +1,12 @@ +7.52.1-5+deb9u9 [Mon, 04 Feb 2019 20:55:32 +0000] Alessandro Ghedini <ghedo@debian.org>: + + * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890 + https://curl.haxx.se/docs/CVE-2018-16890.html + * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822 + https://curl.haxx.se/docs/CVE-2019-3822.html + * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823 + https://curl.haxx.se/docs/CVE-2019-3823.html + 7.52.1-5+deb9u8 [Tue, 30 Oct 2018 21:39:11 +0000] Alessandro Ghedini <ghedo@debian.org>: * Fix SASL password overflow via integer overflow as per CVE-2018-16839 <http://10.200.17.11/4.3-3/#4428784599836377806>
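Review bot: The added 7.52.1-5+deb9u9 entry at the top of the hunk claims three memory-safety fixes (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823), but the diff contains only changelog text, so none of the source changes behind those claims can be checked here. Attach or link the patches that implement each fix next to this changelog diff, so the review can confirm that all three are actually applied in deb9u9 on top of the deb9u8 entry shown as context.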
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] e0a1ad7056 Bug #48786: curl 7.52.1-5+deb9u9
 doc/errata/staging/curl.yaml | 43 +++----------------------------------------
 1 file changed, 3 insertions(+), 40 deletions(-)

[4.3-3] d2f0d52610 Bug #48786: curl 7.52.1-5+deb9u9
 doc/errata/staging/curl.yaml | 53 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
<http://errata.software-univention.de/ucs/4.3/432.html>