Debian Security Advisory 4051-1

Debian Security Advisory 4051-1: Posted Nov 30, 2017; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4051-1 - Two vulnerabilities were discovered in cURL, an URL transfer library.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2017-8816, CVE-2017-8817; SHA-256 | abf8f2192ee54bd891f3a491928912c1fd8e425aa2cf0c71f3258482af29ea8c; Download | Favorite | View

Debian Security Advisory 4051-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4051-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
November 29, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2017-8816 CVE-2017-8817

Two vulnerabilities were discovered in cURL, an URL transfer library.

CVE-2017-8816

    Alex Nichols discovered a buffer overrun flaw in the NTLM authentication
    code which can be triggered on 32bit systems where an integer overflow
    might occur when calculating the size of a memory allocation.

CVE-2017-8817

    Fuzzing by the OSS-Fuzz project led to the discovery of a read out of
    bounds flaw in the FTP wildcard function in libcurl. A malicious server
    could redirect a libcurl-based client to an URL using a wildcard pattern,
    triggering the out-of-bound read.

For the oldstable distribution (jessie), these problems have been fixed
in version 7.38.0-4+deb8u8.

For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u3.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAloekh0ACgkQ3rYcyPpX
RFvPYQf+Mm7HZwKKv7g7s6UV0vmD6/EfKJwGeLgBgs2QKdUjqJOXjtKYRBjHNSFt
ye555SeTlD7wLWYXgJmPSAJxacKVTBo9wMW1gM/KOUELmPCrAQTBcvYiupg01oak
L5M69d/Z+w2uzBoH55Jl/jQ9mDgrzsCUuuyRKBmBHlFRZt9VCd5uCbK1+I7bl2HG
uhFJIn7FSq7q+E1HJ8JTzfnOuuzbJjBYsO/DaJCfdYI9Uh0GVcmxwuVwA3ommLif
pycyVvF7MidbtwV9vzcd20jx40nje8rl6Pkfxw6yI3W567Qv+cJCwTuGrgZLQXJQ
uPsZWlarqHnLb3Wd2h7HuIWC8u/SUA==
=DvR1
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 277 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Debian 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,107)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,764)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,813)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

Debian Security Advisory 4051-1

Debian Security Advisory 4051-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4051-1

Share This

Debian Security Advisory 4051-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems