Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 25 Announcement: Critical OpenSSL Buffer Overflow Issue Found

fedora
Calendar Grey September 15, 2016
Dist Fedora Esm H88
A patch has been released to fix negative string length vulnerabilities in curl_easy_[un]escape(), addressing CVE-2016-7167 for Fedora 24 security
- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)

Change Log

References


[ 1 ] Bug #1375907 - CVE-2016-7167 curl: escape and unescape integer overflows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375907

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: curl
Product: Fedora 24
Version: 7.47.1
Release: 8.fc24
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.