[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1121-1] curl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : curl
Version        : 7.26.0-1+wheezy21
CVE ID         : CVE-2017-1000254
Debian Bug     : #877671

It was discovered that there was a out-of-bounds read vulnerability in
curl, a command-line and library for transferring data over HTTP/FTP,
etc. A malicious FTP server could abuse this to prevent curl-based
clients from interacting with it.

See <https://curl.haxx.se/docs/adv_20171004.html> for more details.

For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy21.

We recommend that you upgrade your curl packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlnV/aIACgkQHpU+J9Qx
HlinDhAAgZHw6fxWNbggvnup3kL0eYm1tk5QHnONmUj0D8zplQGuQIJbYJ9vaSsv
wC8AWXRNqEkL6yxlpKjigHHIgyG+HnahYfWqokGpKNQbFZyYNxFCup2C/YHTuW1A
kSgNZiLmdBmjA6MMB5d/Tz5bVKKJuzxqHV3skZn2g8ha/AWIJCJqneSg+EIIl+jK
45uiBxiV75ktqZ8t35w5i7THbyYFsleF/FdklxtaUuOkvBy6ZqczLKtfhpBkO383
xMw/yuAms6q7hl9eXU4jgrVDv9+JjceCeAHIJybPyE1HMSrNvMAhHfPcm+GFJezh
R5SBSrSExy9xpwLPGi72Wefd/n7SJ/Gnjc/mtX5NXFWDW35VWbBTsuFLajWFFABC
0kG+ldhIF6d07Zw/+BusgIvifGnAF32GJxVmjv2AfdLu/8hobRgQGmz4+KUxqSB7
kDRzT8Pq4Y0te37f5ap0wMs9Fzy8nrOfdedrhLJ/tmgxojIukBv7tK7RnrRNR4P3
rm0Geor3D+0C3tXx3KxYRT42008i99DVnKEXf6SI8nrAy5q7VOuUki3t8PXH6Fpy
OP2U90i8gzx+4tIT+EI8QMWy5IzoXCb5UWaAcbYDYTJiYa5UIAHyp09oi5ph3fUQ
3iYby9L9qVe40rhrUCKWdgIQO+WxHOILVCoBh4xcx08osfNGvXY=
=3bjm
-----END PGP SIGNATURE-----
Reply to: