SecurityTracker.com
Category: Application (Generic) > curl
Vendors: curl.haxx.se
(Oracle Issues Fix for Oracle Linux) curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash
SecurityTracker Alert ID:  1042075
SecurityTracker URL:  http://securitytracker.com/id/1042075
CVE Reference: CVE-2018-1000122
Date:  Nov 12 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 7.20.0 - 7.58.0
Description:   A vulnerability was reported in curl. A remote user can cause the target application to crash.

A remote user can trigger a buffer copy error in the processing of RTSP URLs, causing the target application to crash or disclosing potentially sensitive information from the target system.

The vendor was notified on February 20, 2018.

Max Dymond reported this vulnerability.

Impact:   A remote user can cause the target application to crash.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2018-3157.html

Vendor URL: linux.oracle.com/errata/ELSA-2018-3157.html
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History: This archive entry is a follow-up to the message listed below.

Mar 14 2018 - curl RTSP URL Processing Buffer Copy Error Lets Remote Users Cause the Target Application to Crash



Source Message Contents

Subject:  [El-errata] ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3157

http://linux.oracle.com/errata/ELSA-2018-3157.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.29.0-51.el7.x86_64.rpm
libcurl-7.29.0-51.el7.i686.rpm
libcurl-7.29.0-51.el7.x86_64.rpm
libcurl-devel-7.29.0-51.el7.i686.rpm
libcurl-devel-7.29.0-51.el7.x86_64.rpm
nss-pem-1.0.3-5.el7.i686.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-pem-1.0.3-5.el7.src.rpm



Description of changes:

curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)

Copyright 2019, SecurityGlobal.net LLC