Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 23: 2016-80f4f71eff Critical: Curl Escape Function Issue

fedora
Calendar Grey September 29, 2016
Dist Fedora Esm H88
Fedora 23 wget security patch resolves overflow issues in wget_easy_[un]decode() to improve security.
- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)

Change Log

References


[ 1 ] Bug #1375907 - CVE-2016-7167 curl: escape and unescape integer overflows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375907

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: curl
Product: Fedora 23
Version: 7.43.0
Release: 10.fc23
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.