Debian Bug report logs - #940010
curl: CVE-2019-5482: TFTP small blocksize heap buffer overflow
Package: src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 11 Sep 2019 06:51:01 UTC
Severity: important
Tags: security, upstream
Several security issues were fixed in curl ...
curl could be made to crash or possibly execute arbitrary code
if it incorrectly handled memory during TFTP transfers ...
Multiple vulnerabilities were discovered in cURL, an URL transfer library.
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution (stretch).
CVE-2019-5481
Thomas Vegas discovered a double-free in the FTP-KRB code ...
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Low: OpenShift Container Platform 4.3.40 security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An update is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis
Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Description
Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-20 ...
Synopsis
Moderate: OpenShift Container Platform 4.6.1 image security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Synopsis
Important: Container-native Virtualization security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 2.4.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis
Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Description
Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2 ...
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3 (CVE-2019-5481)
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3 (CVE-2019-5482) ...
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3 (CVE-2019-5482)
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3 (CVE-2019-5481) ...
libcurl contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It can call recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is controlled by the server. This flaw is only triggered if ...