FEDORA-2018-7785911c9e

security update in Fedora 29 for curl

Status: stable 9 months ago
  • SASL password overflow via integer overflow (CVE-2018-16839)
  • fix use-after-free in handle close (CVE-2018-16840)
  • fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)

Comments 10

This update has been submitted for testing by kdudka.

works as usual

karma: +1 critpath: +1

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

This update has been submitted for batched by bodhi.

Thank you for testing the update!

Tested on local machine.

karma: +1 critpath: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
low
Karma
+4
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 9 months ago
in testing 9 months ago
in stable 9 months ago

Related Bugs 3

00 #1644552 CVE-2018-16839 curl: Heap-based buffer overflow via integer overflow in curl_sasl.c:Curl_sasl_create_plain_message() [fedora-all]
00 #1644555 CVE-2018-16840 curl: Use-after-free when closing and cleaning "easy" handle in Curl_close() [fedora-all]
00 #1644558 CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting [fedora-all]

Automated Test Results