nss-pem-1.0.3-5.el7, curl-7.29.0-51.el7

Errata ID: AXSA:2019-3669:01

Release date: Friday, February 15, 2019 - 16:26
Subject: nss-pem-1.0.3-5.el7, curl-7.29.0-51.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

The nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module.

Security Fix(es):

* curl: HTTP authentication leak in redirects (CVE-2018-1000007)

* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)

* curl: RTSP RTP buffer over-read (CVE-2018-1000122)

* curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)

* curl: LDAP NULL pointer dereference (CVE-2018-1000121)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the Curl project for reporting these issues. Upstream acknowledges Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Max Dymond as the original reporter of CVE-2018-1000122; the OSS-fuzz project as the original reporter of CVE-2018-1000301; and Dario Weisser as the original reporter of CVE-2018-1000121.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-1000007
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy-sensitive information or data that could allow others to impersonate the libcurl-using client's request.

CVE-2018-1000120
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

CVE-2018-1000121
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.

CVE-2018-1000122
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP RTP handling code that allows an attacker to cause a denial of service or information leakage.

CVE-2018-1000301
curl 7.20.0 to and including curl 7.59.0 contains a CWE-126 (buffer over-read) vulnerability: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content, which can result in a denial of service. This vulnerability appears to have been fixed in curl >= 7.60.0; versions before 7.20.0 are not affected.
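As an added defensive illustration of the CVE-2018-1000007 behaviour described above (this is example code, not code from the curl project or from this advisory): an application that follows 30X redirects itself should forward credential-bearing headers only when the redirect target shares the origin of the original request. The function names, the header set and the sample URLs are this example's own assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials and must stay with the origin they were issued for.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str):
    """Return the (scheme, host, port) origin triple of a URL.

    urlsplit() already lowercases the hostname; the port falls back to the
    scheme default so "https://h/" and "https://h:443/" compare equal.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, parts.hostname or "", parts.port or DEFAULT_PORTS.get(scheme))


def resolve_location(request_url: str, location: str) -> str:
    """A Location header value may be relative; resolve it against the request URL."""
    return urljoin(request_url, location)


def headers_for_redirect(request_url: str, location: str, headers: dict) -> dict:
    """Compute the header set to send when following a redirect.

    Same origin: forward the headers unchanged, as the original request did.
    Different origin (host, scheme or port changed): drop credential headers,
    so an Authorization value never reaches a third-party host.
    """
    target = resolve_location(request_url, location)
    if origin(request_url) == origin(target):
        return dict(headers)
    return {name: value for name, value in headers.items()
            if name.lower() not in SENSITIVE_HEADERS}


if __name__ == "__main__":
    # Constructed example: an authenticated API call redirected off-origin.
    sent = {"Authorization": "Bearer example-token", "Accept": "application/json"}
    print(headers_for_redirect("https://api.example.com/v1/me",
                               "https://cdn.example.net/login", sent))
```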

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.29.0-51.el7.src.rpm
    MD5: 84954544689a777a1ae72b882c681602
    SHA-256: ab15c109d37904894fd72f58294da4ed1628f9a17570de9758fb806fb8e4d32b
    Size: 2.26 MB
  2. nss-pem-1.0.3-5.el7.src.rpm
    MD5: 7e2a91c91bf5537b46e988445d2786bf
    SHA-256: b765cc99b8862149ed799b3dfabf4fd3c38ffddd07b19983b30643182a11ef0a
    Size: 42.70 kB

Asianux Server 7 for x86_64
  1. curl-7.29.0-51.el7.x86_64.rpm
    MD5: 6731bde1c3e7c34d3ffeee8d3e393c80
    SHA-256: 1d53921427725b15fe5a4dcaf055eece9fdcd190ba1e5d789278bf3880176eec
    Size: 268.05 kB
  2. libcurl-7.29.0-51.el7.x86_64.rpm
    MD5: 69d4dd24bdc980ac44e86698562bf6f8
    SHA-256: 830bd23a9d5d6b95dce1ea09e12ff8cbef8cb1e43d9b3cb464a8e1a50a7b80d2
    Size: 220.56 kB
  3. libcurl-devel-7.29.0-51.el7.x86_64.rpm
    MD5: cdac1a8fc11f5a00ac2aee4b7c638143
    SHA-256: c3a25c2b9a2d67f1694ac3ba82d9c090e50367fb1fdc74b4d4fbfa6ca0de4ebb
    Size: 300.71 kB
  4. libcurl-7.29.0-51.el7.i686.rpm
    MD5: a9529e9267a0b1a357f92622d266a4dc
    SHA-256: ed5e42d0d9b336d6364aa2400119bb5a09acd67871a3dd87a0c5a73e619c32ef
    Size: 223.38 kB
  5. libcurl-devel-7.29.0-51.el7.i686.rpm
    MD5: 8d013fbf8f4a7f9330bfc3c08c759c0a
    SHA-256: 1cb7a3428a879fba4b8a257196f7dc30ec3ef561be21bcce94823326f06ba46f
    Size: 300.77 kB
  6. nss-pem-1.0.3-5.el7.x86_64.rpm
    MD5: 8e5482c1577dd802cbf28b870d8e33c9
    SHA-256: bbbb75daf1e14a1941b81aaaf564dd15c149776d7c7b53e3f2b90de9aa36c79a
    Size: 72.94 kB
  7. nss-pem-1.0.3-5.el7.i686.rpm
    MD5: 9da61d2a570a6fed16e3ca1ebe4e421c
    SHA-256: 9b20fcae665b28fb6943776caaf5bcf052b602d2fbae4824d037d8d22610e5a1
    Size: 71.95 kB