curl-7.29.0-42.el7.1

Errata ID: AXSA:2017-2424:02

Release date: 
Monday, December 4, 2017 - 16:31
Subject: 
curl-7.29.0-42.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)

Asianux would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.

CVE-2017-1000257
An IMAP FETCH response line indicates the size of the returned data,
in number of bytes. When that response says the data is zero bytes,
libcurl would pass on that (non-existing) data with a pointer and the
size (zero) to the deliver-data function. libcurl's deliver-data
function treats zero as a magic number and invokes strlen() on the
data to figure out the length. The strlen() is called on a heap-based
buffer that might not be zero-terminated, so libcurl might read beyond
the end of it into whatever memory lies after (or just crash) and then
deliver that to the application as if it was actually downloaded.
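
The zero-length pattern described above, as an added C example (not libcurl's code and not the upstream patch): `struct sink`, `deliver_magic_zero`, `deliver_explicit` and `handle_fetch` are hypothetical names, and the heap buffer is deliberately NUL-terminated so the demonstration stays within defined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the application's write callback target. */
struct sink { char data[64]; size_t len; };

static void sink_write(struct sink *s, const char *p, size_t n) {
    if (n > sizeof(s->data) - s->len) n = sizeof(s->data) - s->len;
    memcpy(s->data + s->len, p, n);
    s->len += n;
}

/* Pattern from the advisory: a length of zero means "call strlen()". */
static size_t deliver_magic_zero(struct sink *s, const char *p, size_t len) {
    if (len == 0)
        len = strlen(p); /* stops at the first NUL, not at the end of the data */
    sink_write(s, p, len);
    return len;
}

/* Hardened form (an assumption, not the upstream patch): zero means zero. */
static size_t deliver_explicit(struct sink *s, const char *p, size_t len) {
    if (len > 0)
        sink_write(s, p, len);
    return len;
}

/* Handle a FETCH literal of `size` bytes from a heap buffer that still holds
 * earlier bytes. The buffer is NUL-terminated here (constructed sample) so the
 * demo stays defined; in the flaw described above it need not be. */
static size_t handle_fetch(size_t size, int hardened, struct sink *out) {
    static const char stale[] = "stale-heap-bytes";
    char *buf = malloc(sizeof(stale));
    size_t n;
    out->len = 0;
    if (!buf) return 0;
    memcpy(buf, stale, sizeof(stale));
    n = hardened ? deliver_explicit(out, buf, size)
                 : deliver_magic_zero(out, buf, size);
    free(buf);
    return n;
}

int main(void) {
    struct sink s;
    printf("magic zero: %zu bytes delivered\n", handle_fetch(0, 0, &s));
    printf("explicit:   %zu bytes delivered\n", handle_fetch(0, 1, &s));
    return 0;
}
```

With a declared size of zero, the magic-zero path hands the application the 16 stale bytes already in the buffer, while the explicit-length path delivers nothing.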

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.29.0-42.el7.1.src.rpm
    MD5: f0b33b9736cb9d8229b725c186bc9051
    SHA-256: 335081adc388377b0a89020b34af470ea02b6c5367eb579c6dab30eb81ac5f8b
    Size: 2.20 MB

Asianux Server 7 for x86_64
  1. curl-7.29.0-42.el7.1.x86_64.rpm
    MD5: 0ad2a03c892f49f05aa5d6faa57fa0f4
    SHA-256: 13914a1ce3575947ccf4328a086bf4a65b34480e578a7b4968ae93994308c110
    Size: 266.00 kB
  2. libcurl-7.29.0-42.el7.1.x86_64.rpm
    MD5: e3e14cce595502f223a069a36c5cb6dd
    SHA-256: cebcf1eab95105c2b07fec1f9e9ce25b14969b5f0178d3e132c37ee6806f91ac
    Size: 218.59 kB
  3. libcurl-devel-7.29.0-42.el7.1.x86_64.rpm
    MD5: b0d956ebbc49cd63c4bbdd99f3e714c5
    SHA-256: 5b4e5a084af9bb8718d76cf7a54c1424ebe579db3dd77b82b9eab574307065bb
    Size: 298.81 kB
  4. libcurl-7.29.0-42.el7.1.i686.rpm
    MD5: 83d8ad9eb5b6f76a8a56bb9f7efc01b2
    SHA-256: 22dc56b29993582f288c3b8589e762bb9805ef1068e372070b0a373a144433cf
    Size: 221.00 kB
  5. libcurl-devel-7.29.0-42.el7.1.i686.rpm
    MD5: f13c9f7d090be23342af634f0edf0e07
    SHA-256: 1ed0547e27248fe17142316555895e0aea9b28cc1673779a463296b5dbb1ab10
    Size: 298.88 kB