Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 529
Alerts This Week
Warning Icon 1 529

Debian: DSA-4203-1 Low: wget Buffer Overflow in HTTP Handling

debian
Calendar Grey May 16, 2018
Scroller Debian
Ubuntu Security Notice USN-4466-1 discusses an important wget update addressing vulnerabilities that could allow for command injection in HTTP requests.
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid heade...

Summary

For the oldstable distribution (jessie), this problem has been fixed
in version 7.38.0-4+deb8u11.

For the stable distribution (stretch), this problem has been fixed in
version 7.52.1-5+deb9u6.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
low
Lowest
Low
Medium
High
Critical

Package: curl
CVE ID: CVE-2018-1000301

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.