FEDORA-2016-e8e8cdb4ed

security update in Fedora 24 for curl

Status: stable 2 years ago
  • fix cookie injection for other servers (CVE-2016-8615)
  • compare user/passwd case-sensitively while reusing connections (CVE-2016-8616)
  • base64: check for integer overflow on large input (CVE-2016-8617)
  • fix double-free in krb5 code (CVE-2016-8619)
  • fix double-free in curl_maprintf() (CVE-2016-8618)
  • fix glob parser write/read out of bounds (CVE-2016-8620)
  • fix out-of-bounds read in curl_getdate() (CVE-2016-8621)
  • fix URL unescape heap overflow via integer truncation (CVE-2016-8622)
  • fix use-after-free via shared cookies (CVE-2016-8623)
  • urlparse: accept '#' as end of host name (CVE-2016-8624)

Comments 9

This update has been submitted for testing by kdudka.

No regressions noted.

karma: +1 critpath: +1

works

karma: +1 critpath: +1

works for me

karma: +1

This update has been pushed to testing.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

karma: +1 critpath: +1

Thanks for feedback!

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +4 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 1

#1390894 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all]
