Debian Security Advisory
DLA-1672-1 curl -- LTS security update
- Date Reported: 11 Feb 2019
- Affected Packages:
- Security database references:
  - In Mitre's CVE dictionary: CVE-2018-16890, CVE-2019-3822, CVE-2019-3823.
- More information:
It was discovered that there were three vulnerabilities in the curl command-line HTTP (etc.) client:

- A heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages.
- Stack-based buffer overflow in the handling of outgoing NTLM type-3 headers.
- Heap out-of-bounds read in code handling the end of a response in the SMTP protocol.

For Debian 8 Jessie, these issues have been fixed in curl version 7.38.0-4+deb8u14.
We recommend that you upgrade your curl packages.