CLD-398 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | curl |
Deficiency Type | SECURITY |
Date Created | 2018-05-16 10:40:30 |
Date Last Modified | 2018-05-16 10:58:07 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in curl-7.60.0-i686-1 |
Cucumber 1.0 x86_64 | fixed in curl-7.60.0-x86_64-1 and curl-lib_i686-7.60.0-lib_i686-1 |
Cucumber 1.1 i686 | fixed in curl-7.60.0-i686-1 |
Cucumber 1.1 x86_64 | fixed in curl-7.60.0-x86_64-1 and curl-lib_i686-7.60.0-lib_i686-1 |
Details:
See https://curl.haxx.se/docs/adv_2018-b138.html for full details.
Relevant changelog entry (from Cucumber Linux 1.1):
Wed May 16 10:47:05 EDT 2018
net-base/curl upgraded from 7.59.0 to 7.60.0 to fix two security
vulnerabilities: CVE-2018-1000301, a buffer overread that could
potentially result in information disclosure but would more likely
result in a denial of service (application crash). It can be triggered
by a malicious remote server. Also fixes CVE-2018-1000300, a buffer
overflow vulnerability that allowed for a malicious FTP server to
write arbitrary bytes to memory by overflowing the "closure handle"
buffer. Although no exploit is known at this time, it is quite possible
that this could result in arbitrary code execution given the nature of
the vulnerability. For more information see:
https://security.cucumberlinux.com/security/details.php?id=398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
https://curl.haxx.se/docs/adv_2018-b138.html
https://security.cucumberlinux.com/security/details.php?id=399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300
https://curl.haxx.se/docs/adv_2018-82c2.html
multilib/net-base/curl-lib_i686 upgraded from 7.59.0 to 7.60.0 (x86_64 only)
* SECURITY FIX *