CVE-2019-5436

A heap buffer overflow in the TFTP receiving code was discovered,
which could allow DoS or arbitrary code execution. This only affects
the oldstable distribution (stretch).

CVE-2019-5481

Thomas Vegas discovered a double-free in the FTP-KRB code, triggered
by a malicious server sending a very large data block.

CVE-2019-5482

Thomas Vegas discovered a heap buffer overflow that could be
triggered when a small non-default TFTP blocksize is used.

For the oldstable distribution (stretch), these problems have been fixed
in version 7.52.1-5+deb9u10.

For the stable distribution (buster), these problems have been fixed in
version 7.64.0-4+deb10u1.

We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions c...