Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Solutions ...
Synopsis
Moderate: curl and nss-pem security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl and nss-pem is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...
Debian Bug report logs -
#893546
curl: CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122
Package:
src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 19 Mar 2018 20:09:01 UTC
Severity: serious
Tags: fixed-upstream, patch, securi ...
Debian Bug report logs -
#898856
curl: CVE-2018-1000301: RTSP bad headers buffer over-read
Package:
curl;
Maintainer for curl is Alessandro Ghedini <ghedo@debianorg>; Source for curl is src:curl (PTS, buildd, popcon)
Reported by: Chris Lamb <lamby@debianorg>
Date: Wed, 16 May 2018 18:00:02 UTC
Severity: grave
Tags ...
Multiple vulnerabilities were discovered in cURL, an URL transfer library
CVE-2018-1000120
Duy Phan Thanh discovered that curl could be fooled into writing a
zero byte out of bounds when curl is told to work on an FTP URL with
the setting to only issue a single CWD command, if the directory part
of the URL contains a “%00” seq ...
Several security issues were fixed in curl ...
Several security issues were fixed in curl ...
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior (C ...
A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply ...
The nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate ...
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior (C ...
A NULL pointer dereference exists in the LDAP code of curl >= 7210 and < curl 7590, allowing an attacker to cause a denial of service libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs could be made to crash by a malicious server ...