curl-7.61.1-12.el8

エラータID: AXSA:2020-648:04

Release date: 
Friday, October 9, 2020 - 07:51
Subject: 
curl-7.61.1-12.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: double free due to subsequent call of realloc() (CVE-2019-5481)

* curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Solution: 

Update packages.

CVEs: 
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.61.1-12.el8.src.rpm
    MD5: 718b1ce6568a287fd4db43bdcc0b4ad5
    SHA-256: c9a0b8870263bac319396068bdbb69e18f5eefc0786dc2cfb61b92913a20daef
    Size: 2.37 MB

Asianux Server 8 for x86_64
  1. curl-7.61.1-12.el8.x86_64.rpm
    MD5: 93b09ccf262b3e13ac5eca0c5f6b3a71
    SHA-256: afd77176aee9c850f89cbcefc811d495b74ebb027013e012aa09d1d93ab7e216
    Size: 351.43 kB
  2. libcurl-7.61.1-12.el8.x86_64.rpm
    MD5: 182f2b716b4c3a8e4f1efbd48b39409a
    SHA-256: 53dd6d62f9557a916ca6cddc770767f291d7f7199f787d056c1706091760dcfa
    Size: 297.13 kB
  3. libcurl-devel-7.61.1-12.el8.x86_64.rpm
    MD5: 411b9e66f84dd44552a72b400798b481
    SHA-256: f292345bc834dfa3058c0874abd81e5c1761a830d8ff38a0eefba5686e75f72b
    Size: 830.34 kB
  4. libcurl-minimal-7.61.1-12.el8.x86_64.rpm
    MD5: 0e287299923c53dcbd9caa252b093517
    SHA-256: ceb70f089302a465b8eacd09b59ebb053ea88c5743cc3af504f3393b5b1630ad
    Size: 283.62 kB
  5. libcurl-7.61.1-12.el8.i686.rpm
    MD5: a2996861031ac94673ea2cc46a7103fe
    SHA-256: 9b218971c1030c22d9b1489cf5e2721db341875e0a0336ad55697b3d5d3f6113
    Size: 325.00 kB
  6. libcurl-devel-7.61.1-12.el8.i686.rpm
    MD5: cdb624310623666b95e26f3d732e798c
    SHA-256: 434c4e014d9758137e937c1ccfd1b6a22dd73b6513cbdc5c3f16da1ea85d8f15
    Size: 830.39 kB
  7. libcurl-minimal-7.61.1-12.el8.i686.rpm
    MD5: ecca9e6eaeddd50b15281468feb90648
    SHA-256: 91701f181e31944aa8dfbe2f3334dfbf4416eb117a9edfdfc41d8ec75c92c7cc
    Size: 310.53 kB