Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 25: 2016-08533fc59c Moderate: Curl Negative Length Issue

fedora
Calendar Grey September 17, 2016
Dist Fedora Esm H88
Fedora 25 has implemented a crucial update to rectify the curl negative string length vulnerability, thereby bolstering protection against potential security breaches.
- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)

Change Log

References


[ 1 ] Bug #1375907 - CVE-2016-7167 curl: escape and unescape integer overflows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375907

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: curl
Product: Fedora 25
Version: 7.50.3
Release: 1.fc25
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.