
[SECURITY] [DLA 883-1] curl security update



Package        : curl
Version        : 7.26.0-1+wheezy18+deb7u1
CVE ID         : CVE-2017-7407

It was discovered that there was a buffer read overrun vulnerability in curl,
a tool for downloading files from the internet, etc.

If a "%" ended the --write-out parameter, the string's trailing NUL would be
skipped and memory past the end of the buffer could be accessed and potentially
displayed as part of the output.

For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy18+deb7u1.

We recommend that you upgrade your curl packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
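
The overrun described in the advisory, shown as an added example that is not curl's source and not part of the original message. It is a simplified scanner modelled on the description; `scan`, `check_next` and the `SAMPLE` bytes are constructed for illustration. The sample keeps the "memory past the end" inside one array, so every read stays in bounds.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the format "code%" and its NUL, followed in the same
 * array by bytes standing in for whatever lies after the real buffer.
 * Keeping both in one array means no read below leaves the object. */
static const char SAMPLE[] = "code%\0" "ADJACENT";

/* Simplified model of a write-out style scanner (assumption, not curl's code).
 * "%%" emits one percent sign; any other "%x" pair is echoed unchanged.
 * check_next == 0: a '%' always consumes two bytes, so a trailing '%'
 *                  steps over the terminating NUL and scanning continues.
 * check_next == 1: a '%' is only an escape when a byte follows it.
 * Returns the number of input bytes consumed. */
static size_t scan(const char *fmt, int check_next, char *out, size_t outsz)
{
    const char *p = fmt;
    size_t n = 0;

    while (*p && n + 2 < outsz) {
        if (*p == '%' && (!check_next || p[1] != '\0')) {
            out[n++] = '%';
            if (p[1] != '%' && p[1] != '\0')
                out[n++] = p[1];
            p += 2;               /* unchecked mode: may skip the NUL */
        } else {
            out[n++] = *p++;      /* literal byte, or a lone final '%' */
        }
    }
    out[n] = '\0';
    return (size_t)(p - fmt);
}

int main(void)
{
    char out[64];
    size_t used = scan(SAMPLE, 0, out, sizeof out);
    printf("unchecked: consumed %zu of %zu bytes -> \"%s\"\n", used, strlen(SAMPLE), out);
    used = scan(SAMPLE, 1, out, sizeof out);
    printf("checked:   consumed %zu of %zu bytes -> \"%s\"\n", used, strlen(SAMPLE), out);
    return 0;
}
```

A consumed count larger than `strlen` of the format is the condition to assert against when regression-testing a format scanner of this kind.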
