FEDORA-2018-fdc4ca8675 — security update for curl

stable

curl-7.59.0-8.fc28

FEDORA-2018-fdc4ca8675 created by kdudka 6 years ago for Fedora 28

SASL password overflow via integer overflow (CVE-2018-16839)
fix use-after-free in handle close (CVE-2018-16840)
fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-fdc4ca8675

This update has been submitted for testing by kdudka.

6 years ago

This update has been pushed to testing.

6 years ago

hreindl commented & provided feedback 6 years ago

karma

works for me

samoht0 commented & provided feedback 6 years ago

karma

no regressions noted

filiperosset commented & provided feedback 6 years ago

karma

no regressions noted

This update has been submitted for batched by bodhi.

6 years ago

kdudka commented & provided feedback 6 years ago

Thank you for testing the update!

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata

Type

security

Severity

low

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

6 years ago

in testing

6 years ago

in stable

6 years ago

Builds

curl-7.59.0-8.fc28

BZ#1644552 CVE-2018-16839 curl: Heap-based buffer overflow via integer overflow in curl_sasl.c:Curl_sasl_create_plain_message() [fedora-all]

BZ#1644555 CVE-2018-16840 curl: Use-after-free when closing and cleaning "easy" handle in Curl_close() [fedora-all]

BZ#1644558 CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting [fedora-all]

curl-7.59.0-8.fc28

Automated Test Results

ignored