Debian Security Advisory 4386-1

Debian Security Advisory 4386-1: Posted Feb 7, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4386-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2018-16890, CVE-2019-3822, CVE-2019-3823; SHA-256 | 389920e5b0a54ae3c59ca15c0208b0912c4ae38e63794ae0abf9317bbce73127; Download | Favorite | View

Debian Security Advisory 4386-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4386-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
February 06, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823

Multiple vulnerabilities were discovered in cURL, an URL transfer library.

CVE-2018-16890

    Wenxiang Qian of Tencent Blade Team discovered that the function
    handling incoming NTLM type-2 messages does not validate incoming
    data correctly and is subject to an integer overflow vulnerability,
    which could lead to an out-of-bounds buffer read.

CVE-2019-3822

    Wenxiang Qian of Tencent Blade Team discovered that the function
    creating an outgoing NTLM type-3 header is subject to an integer
    overflow vulnerability, which could lead to an out-of-bounds write.

CVE-2019-3823

    Brian Carpenter of Geeknik Labs discovered that the code handling
    the end-of-response for SMTP is subject to an out-of-bounds heap
    read.

For the stable distribution (stretch), these problems have been fixed in
version 7.52.1-5+deb9u9.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi
RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7
Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp
k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh
RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ
cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z
dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm
zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u
rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2
Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB
u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa
zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 4386-1

Debian Security Advisory 4386-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4386-1

Share This

Debian Security Advisory 4386-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems