Package : curl
Version : 7.38.0-4+deb8u14
CVE IDs : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
It was discovered that there were three vulnerabilities in the curl
command-line HTTP (etc.) client:
CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in
the handling of NTLM type-2 messages.
CVE-2019-3822: Stack-based buffer overflow in the handling of
outgoing NTLM type-3 headers.
CVE-2019-3823: Heap out-of-bounds read in code handling
the end of a response in the SMTP protocol.
For Debian 8 "Jessie", this issue has been fixed in curl version
7.38.0-4+deb8u14.
We recommend that you upgrade your curl packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] 🍥 chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | armhf | libcurl4-nss-dev | < 7.38.0-4+deb8u14 | libcurl4-nss-dev_7.38.0-4+deb8u14_armhf.deb |
Debian | 8 | armhf | libcurl4-gnutls-dev | < 7.38.0-4+deb8u14 | libcurl4-gnutls-dev_7.38.0-4+deb8u14_armhf.deb |
Debian | 8 | armel | libcurl4-nss-dev | < 7.38.0-4+deb8u14 | libcurl4-nss-dev_7.38.0-4+deb8u14_armel.deb |
Debian | 8 | amd64 | libcurl4-gnutls-dev | < 7.38.0-4+deb8u14 | libcurl4-gnutls-dev_7.38.0-4+deb8u14_amd64.deb |
Debian | 8 | amd64 | curl | < 7.38.0-4+deb8u14 | curl_7.38.0-4+deb8u14_amd64.deb |
Debian | 8 | armel | libcurl3-gnutls | < 7.38.0-4+deb8u14 | libcurl3-gnutls_7.38.0-4+deb8u14_armel.deb |
Debian | 8 | i386 | libcurl3-dbg | < 7.38.0-4+deb8u14 | libcurl3-dbg_7.38.0-4+deb8u14_i386.deb |
Debian | 8 | i386 | libcurl4-nss-dev | < 7.38.0-4+deb8u14 | libcurl4-nss-dev_7.38.0-4+deb8u14_i386.deb |
Debian | 8 | armhf | libcurl3 | < 7.38.0-4+deb8u14 | libcurl3_7.38.0-4+deb8u14_armhf.deb |
Debian | 8 | armhf | libcurl3-gnutls | < 7.38.0-4+deb8u14 | libcurl3-gnutls_7.38.0-4+deb8u14_armhf.deb |