[SECURITY] [DLA 1121-1] curl security update

2017-10-0509:39:01

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

Package : curl
Version : 7.26.0-1+wheezy21
CVE ID : CVE-2017-1000254
Debian Bug : #877671

It was discovered that there was a out-of-bounds read vulnerability in
curl, a command-line and library for transferring data over HTTP/FTP,
etc. A malicious FTP server could abuse this to prevent curl-based
clients from interacting with it.

See <https://curl.haxx.se/docs/adv_20171004.html> for more details.

For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy21.

We recommend that you upgrade your curl packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8s390xlibcurl4-nss-dev< 7.38.0-4+deb8u6libcurl4-nss-dev_7.38.0-4+deb8u6_s390x.deb
Debian7armelcurl< 7.26.0-1+wheezy21curl_7.26.0-1+wheezy21_armel.deb
Debian8mipsellibcurl4-gnutls-dev< 7.38.0-4+deb8u6libcurl4-gnutls-dev_7.38.0-4+deb8u6_mipsel.deb
Debian7amd64libcurl4-nss-dev< 7.26.0-1+wheezy21libcurl4-nss-dev_7.26.0-1+wheezy21_amd64.deb
Debian7armellibcurl4-openssl-dev< 7.26.0-1+wheezy21libcurl4-openssl-dev_7.26.0-1+wheezy21_armel.deb
Debian7armhflibcurl3-dbg< 7.26.0-1+wheezy21libcurl3-dbg_7.26.0-1+wheezy21_armhf.deb
Debian9mipsellibcurl3< 7.52.1-5+deb9u1libcurl3_7.52.1-5+deb9u1_mipsel.deb
Debian9arm64libcurl3< 7.52.1-5+deb9u1libcurl3_7.52.1-5+deb9u1_arm64.deb
Debian9i386curl< 7.52.1-5+deb9u1curl_7.52.1-5+deb9u1_i386.deb
Debian9mipselcurl< 7.52.1-5+deb9u1curl_7.52.1-5+deb9u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	s390x	libcurl4-nss-dev	< 7.38.0-4+deb8u6	libcurl4-nss-dev_7.38.0-4+deb8u6_s390x.deb
Debian	7	armel	curl	< 7.26.0-1+wheezy21	curl_7.26.0-1+wheezy21_armel.deb
Debian	8	mipsel	libcurl4-gnutls-dev	< 7.38.0-4+deb8u6	libcurl4-gnutls-dev_7.38.0-4+deb8u6_mipsel.deb
Debian	7	amd64	libcurl4-nss-dev	< 7.26.0-1+wheezy21	libcurl4-nss-dev_7.26.0-1+wheezy21_amd64.deb
Debian	7	armel	libcurl4-openssl-dev	< 7.26.0-1+wheezy21	libcurl4-openssl-dev_7.26.0-1+wheezy21_armel.deb
Debian	7	armhf	libcurl3-dbg	< 7.26.0-1+wheezy21	libcurl3-dbg_7.26.0-1+wheezy21_armhf.deb
Debian	9	mipsel	libcurl3	< 7.52.1-5+deb9u1	libcurl3_7.52.1-5+deb9u1_mipsel.deb
Debian	9	arm64	libcurl3	< 7.52.1-5+deb9u1	libcurl3_7.52.1-5+deb9u1_arm64.deb
Debian	9	i386	curl	< 7.52.1-5+deb9u1	curl_7.52.1-5+deb9u1_i386.deb
Debian	9	mipsel	curl	< 7.52.1-5+deb9u1	curl_7.52.1-5+deb9u1_mipsel.deb