Debian Security Advisory 4633-1

Debian Security Advisory 4633-1: Posted Feb 25, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2019-5436, CVE-2019-5481, CVE-2019-5482; SHA-256 | b7f2ce0f1e8a86c966bfba98bf404e0b81f1d24285a3ca41d94c909e96c042ac; Download | Favorite | View

Debian Security Advisory 4633-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
February 22, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2019-5436 CVE-2019-5481 CVE-2019-5482
Debian Bug     : 929351 940009 940010

Multiple vulnerabilities were discovered in cURL, an URL transfer
library.

CVE-2019-5436

    A heap buffer overflow in the TFTP receiving code was discovered,
    which could allow DoS or arbitrary code execution. This only affects
    the oldstable distribution (stretch).

CVE-2019-5481

    Thomas Vegas discovered a double-free in the FTP-KRB code, triggered
    by a malicious server sending a very large data block.

CVE-2019-5482

    Thomas Vegas discovered a heap buffer overflow that could be
    triggered when a small non-default TFTP blocksize is used.

For the oldstable distribution (stretch), these problems have been fixed
in version 7.52.1-5+deb9u10.

For the stable distribution (buster), these problems have been fixed in
version 7.64.0-4+deb10u1.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi
RyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5
eQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU
aP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU
G86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F
tR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7
KLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e
qVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH
ZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj
KbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW
G9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30
KqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 247 files
Jay Turla 150 files
indoushka 139 files
Ubuntu 61 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,117)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,066)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,731)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,807)
UNIX (9,449)
UnixWare (187)
Windows (6,762)
Other

Debian Security Advisory 4633-1

Debian Security Advisory 4633-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4633-1

Share This

Debian Security Advisory 4633-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems