[SECURITY] [DLA 1672-1] curl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1672-1] curl security update
From: Chris Lamb <lamby@debian.org>
Date: Mon, 11 Feb 2019 16:43:52 +0100
Message-id: <[🔎] 1549899832.3755373.1655594728.4EB3BC0E@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : curl
Version        : 7.38.0-4+deb8u14
CVE IDs        : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823

It was discovered that there were three vulnerabilities in the curl
command-line HTTP (etc.) client:

 * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in
   the handling of NTLM type-2 messages.

 * CVE-2019-3822: Stack-based buffer overflow in the handling of
   outgoing NTLM type-3 headers.

 * CVE-2019-3823: Heap out-of-bounds read in code handling
   the end of a response in the SMTP protocol.

For Debian 8 "Jessie", this issue has been fixed in curl version
7.38.0-4+deb8u14.

We recommend that you upgrade your curl packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxhl/UACgkQHpU+J9Qx
Hljp2Q/9HzuJ9vRQuvKV7QoFUhIjUDEnOinI7oXnekFWJXhbB4fIS0icCIS9YHQZ
C3dLsyUPudsxz7DhIGc/SXOEU+Acbbp6FK4LpM+YT/q5gkpWgAw1aHazQgABgGO5
We1t6CDRwHAmQmZDQZyVJ4wbPw1VCu66RMnkWEaYq50owwi0/7BpnW7w0g9y83tw
DnlAJ3int8TNwVaGKD5LVke4iPPB3rex3RjglzA3leB/p/11Ei2EeL5D7q3tsRVt
kTygM7HwnHkGvVFBCQGZoNhmSPkFBRIGO9WZ4u9M27taatvVbI2T4qCjOqXvdhba
RpjEWhGgTUfoL8i3c4CR5vQHCQ7dCVtkDcuH8LTSSyZigAWx9SGeapVQt60l/LRo
mJSLgfFLySOcB3AxQOjdDhFJqgVPvk7/5uiahg1IUzGNcRdX2ws3xLjegpc2HdwT
jRdRYKFEva8OXyYG/rDQw/0vfVJsjSpRKt2uNbhgpRZkDd70MUJjehBXohNCpzYr
ck+TKnHx64gi2o1/4RvyrrDHX1J8s5F8wIrnMQix4HPodv3wSg7PljsG3931YHGX
F0OrNi64ODYQJYcP612lKif2YQAzb4pofhljP4DDCP5FlUAWLb+++U5hI5trm6eb
2Qn7pPc7NzoROnZD2LLm6FVP9BsJPeXhoGfA+iskQ4WnHio9Faw=
=R862
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1671-1] coturn security update
Next by Date: [SECURITY] [DLA 1673-1] wordpress security update
Previous by thread: [SECURITY] [DLA 1671-1] coturn security update
Next by thread: [SECURITY] [DLA 1673-1] wordpress security update
Index(es):
- Date
- Thread