curl-7.29.0-54.el7

エラータID: AXSA:2019-4060:01

Release date: 
Monday, August 19, 2019 - 17:37
Subject: 
curl-7.29.0-54.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-16842
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.29.0-54.el7.src.rpm
    MD5: 10d1ec492d2aba2679916a9dacb0fbea
    SHA-256: 7c03de9aa60cbd59b4c5b06dbb5523812b4772eceb4898aee814e6b4b0d688e8
    Size: 2.28 MB

Asianux Server 7 for x86_64
  1. curl-7.29.0-54.el7.x86_64.rpm
    MD5: 1ba9c0efb30cc287a1ef233717ca7f19
    SHA-256: 5f7253d4a1ed2d9c49a54e3b3202c6857285b1b260cbf2aa36d249b42948be39
    Size: 269.17 kB
  2. libcurl-7.29.0-54.el7.x86_64.rpm
    MD5: ca1919fc1a38e68aa05642f11d2d9b20
    SHA-256: 7339eeb21e5609ccc448cac8f3a337607d8ed10e1fcfe369ee87d3d417fb40e2
    Size: 221.72 kB
  3. libcurl-devel-7.29.0-54.el7.x86_64.rpm
    MD5: 76936eb57449b6658da682ead0163c3b
    SHA-256: 92712f5f51e24a2fc9eff2669b93fa915aedd4a1cbb57d20c610d0543cdb5b12
    Size: 301.48 kB
  4. libcurl-7.29.0-54.el7.i686.rpm
    MD5: d788964b0c943a51b1c24fdbc5096a4a
    SHA-256: 37d1e64e074d2f918c9f4e4b36598a13f2261dbbfe2ad5b4dfece78ff04490b5
    Size: 224.26 kB
  5. libcurl-devel-7.29.0-54.el7.i686.rpm
    MD5: 29760556cf12a7ea943ab135f8174f47
    SHA-256: a12c1948d6e5caddc42db3e5858d5988b1c4247ede0b00b55097c61d35f3233f
    Size: 301.54 kB