Mageia: Advisory 2018-0423 Moderate Severity: Curl DoS Threat

Mageia, October 30, 2018
The updated curl packages resolve significant vulnerabilities, including denial-of-service and buffer overflow issues that compromise the integrity of the system.

Summary

Updated curl packages fix security vulnerabilities:
Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-0500).
Zhaoyang Wu discovered that cURL, a URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2 GB in length on 32-bit systems (CVE-2018-14618).
Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code (CVE-2018-1000120).
Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service (CVE-2018-1000121).
Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data...


References

- https://bugs.mageia.org/show_bug.cgi?id=22772

- https://curl.se/docs/CVE-2018-1000120.html

- https://curl.se/docs/CVE-2018-1000121.html

- https://curl.se/docs/CVE-2018-1000122.html

- https://curl.se/docs/CVE-2018-1000300.html

- https://curl.se/docs/CVE-2018-1000301.html

- https://curl.se/docs/CVE-2018-0500.html

- https://curl.se/docs/CVE-2018-14618.html

- https://ubuntu.com/security/notices/USN-3598-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DOHQJ7DDUE5U4L6FHSUVPFQ7TAZLWSMI/

- https://ubuntu.com/security/notices/USN-3710-1

- https://lists.debian.org/debian-security-announce/2018/msg00216.html

- https://www.cve.org/CVERecord?id=CVE-2018-0500

- https://www.cve.org/CVERecord?id=CVE-2018-14618

- https://www.cve.org/CVERecord?id=CVE-2018-1000120

- https://www.cve.org/CVERecord?id=CVE-2018-1000121

- https://www.cve.org/CVERecord?id=CVE-2018-1000122

- https://www.cve.org/CVERecord?id=CVE-2018-1000300

- https://www.cve.org/CVERecord?id=CVE-2018-1000301

Resolution

SRPMS

- 6/core/curl-7.54.1-2.7.mga6

Publication date: 30 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0423.html
Type: security
CVE: CVE-2018-0500, CVE-2018-14618, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301
