SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   curl
Vendors:   curl.haxx.se
(Oracle Issues Fix for Oracle Linux) curl RTSP Response Processing Flaw in Curl_http_readwrite_headers() Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1042076
SecurityTracker URL:  http://securitytracker.com/id/1042076
CVE Reference:   CVE-2018-1000301
Date:  Nov 12 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.20.0 - 7.59.0
Description:   A vulnerability was reported in curl. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote server can return a specially crafted RTSP response to cause the Curl_http_readwrite_headers() function to read beyond the buffer and disclose potentially sensitive information or cause denial of service conditions on the target system.

The vendor was notified on March 24, 2018.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2018-3157.html

Vendor URL:  linux.oracle.com/errata/ELSA-2018-3157.html
Cause:   Access control error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
May 17 2018 curl RTSP Response Processing Flaw in Curl_http_readwrite_headers() Lets Remote Users Deny Service or Obtain Potentially Sensitive Information

Source Message Contents

Subject:  [El-errata] ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update

Oracle Linux Security Advisory ELSA-2018-3157

http://linux.oracle.com/errata/ELSA-2018-3157.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.29.0-51.el7.x86_64.rpm
libcurl-7.29.0-51.el7.i686.rpm
libcurl-7.29.0-51.el7.x86_64.rpm
libcurl-devel-7.29.0-51.el7.i686.rpm
libcurl-devel-7.29.0-51.el7.x86_64.rpm
nss-pem-1.0.3-5.el7.i686.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-pem-1.0.3-5.el7.src.rpm
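The package versions listed above are what a defender compares against to decide whether an Oracle Linux 7 host has this update applied. The following is an added example, not part of the advisory and not Oracle's tooling: it re-implements rpm's version ordering in Python so the comparison runs without the rpm libraries, and audits `rpm -qa` output against the ELSA-2018-3157 package set. The `rpm -qa` lines it ships with are constructed sample input, the epoch of 0 is an assumption (the advisory lists none), and the names `rpmvercmp`, `compare_evr`, `parse_nvra`, `audit` and the file name `check_elsa_2018_3157.py` are chosen here.

```python
"""Compare `rpm -qa` output against the package set shipped in ELSA-2018-3157.

Added example: re-implements rpm's version ordering (rpmvercmp) so the check
runs anywhere, not only on a host with the rpm libraries.  The '^' separator
of newer rpm releases is not modelled (assumption: EL7 versions do not use it).
"""
import re
import sys

# Package versions shipped by the advisory (name -> (epoch, version, release)).
# Epoch 0 is an assumption: the advisory lists no epoch for these packages.
FIXED = {
    "curl":          (0, "7.29.0", "51.el7"),
    "libcurl":       (0, "7.29.0", "51.el7"),
    "libcurl-devel": (0, "7.29.0", "51.el7"),
    "nss-pem":       (0, "1.0.3", "5.el7"),
}

# Constructed sample of `rpm -qa` output, not taken from any real host.
SAMPLE_RPM_QA = """\
curl-7.29.0-46.el7.x86_64
libcurl-7.29.0-51.el7.x86_64
libcurl-7.29.0-51.el7.i686
nss-pem-1.0.3-4.el7.x86_64
openssl-libs-1.0.2k-16.el7.x86_64
""".splitlines()

# rpm splits a version string into digit runs, alpha runs and the '~' marker;
# every other character is a separator and is ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Order two version (or release) strings the way rpm does: -1, 0 or 1.

    Digit runs compare numerically, alpha runs compare as strings, a numeric
    segment is newer than an alphabetic one, and '~' (pre-release marker)
    sorts before everything, including the end of the string.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    while sa or sb:
        x = sa.pop(0) if sa else None
        y = sb.pop(0) if sb else None
        if x == "~" or y == "~":          # tilde is checked before exhaustion
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:                     # a ran out of segments first -> older
            return -1
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
            continue
        if xd != yd:                      # numeric beats alphabetic
            return 1 if xd else -1
        if x != y:
            return 1 if x > y else -1
    return 0


def compare_evr(installed, fixed):
    """Compare (epoch, version, release) tuples: epoch dominates, then version, then release."""
    if installed[0] != fixed[0]:
        return 1 if installed[0] > fixed[0] else -1
    return rpmvercmp(installed[1], fixed[1]) or rpmvercmp(installed[2], fixed[2])


def parse_nvra(pkg):
    """Split 'name-[epoch:]version-release.arch' as printed by `rpm -qa`."""
    nvr, _, arch = pkg.rpartition(".")
    nv, _, release = nvr.rpartition("-")
    name, _, version = nv.rpartition("-")
    epoch = 0
    if ":" in version:                    # only present with a custom --queryformat
        e, _, version = version.partition(":")
        epoch = int(e)
    return name, (epoch, version, release), arch


def audit(rpm_qa_lines):
    """Return {'name.arch': 'fixed' | 'vulnerable'} for installed packages the advisory covers."""
    result = {}
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, evr, arch = parse_nvra(line)
        if name not in FIXED:
            continue
        status = "fixed" if compare_evr(evr, FIXED[name]) >= 0 else "vulnerable"
        result[f"{name}.{arch}"] = status
    return result


if __name__ == "__main__":
    lines = SAMPLE_RPM_QA if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for pkg, status in sorted(audit(lines).items()):
        print(f"{pkg}: {status}")
```

On a real host, feed it the actual package list with `rpm -qa curl libcurl libcurl-devel nss-pem | python3 check_elsa_2018_3157.py`. Each architecture is reported separately because a multilib host carries an independent i686 copy of libcurl that the x86_64 update does not replace, and a release that compares lower than the advisory's (for example 7.29.0-48.el7, which the changelog below shows already contains the CVE-2018-1000301 fix but not the later nss-pem dependency fix) is reported as vulnerable relative to this advisory.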



Description of changes:

curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Copyright 2019, SecurityGlobal.net LLC