[SECURITY] [DLA 1917-1] curl security update

2019-09-1308:18:00

lists.debian.org

123

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.098 Low

EPSS

Percentile

94.7%

JSON

Package : curl
Version : 7.38.0-4+deb8u16
CVE ID : CVE-2019-5482
Debian Bug : #940010

It was discovered that there was a heap buffer overflow vulnerability
in curl, the library and command-line tool for transferring data over
the internet.

For Debian 8 "Jessie", this issue has been fixed in curl version
7.38.0-4+deb8u16.

We recommend that you upgrade your curl packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian10arm64libcurl4-gnutls-dev< 7.64.0-4+deb10u1libcurl4-gnutls-dev_7.64.0-4+deb10u1_arm64.deb
Debian10mipslibcurl3-nss-dbgsym< 7.64.0-4+deb10u1libcurl3-nss-dbgsym_7.64.0-4+deb10u1_mips.deb
Debian10mipscurl-dbgsym< 7.64.0-4+deb10u1curl-dbgsym_7.64.0-4+deb10u1_mips.deb
Debian10mipsellibcurl4-gnutls-dev< 7.64.0-4+deb10u1libcurl4-gnutls-dev_7.64.0-4+deb10u1_mipsel.deb
Debian9i386libcurl3-nss< 7.52.1-5+deb9u10libcurl3-nss_7.52.1-5+deb9u10_i386.deb
Debian9mipslibcurl4-openssl-dev< 7.52.1-5+deb9u10libcurl4-openssl-dev_7.52.1-5+deb9u10_mips.deb
Debian9i386libcurl3-dbg< 7.52.1-5+deb9u10libcurl3-dbg_7.52.1-5+deb9u10_i386.deb
Debian10armellibcurl3-nss-dbgsym< 7.64.0-4+deb10u1libcurl3-nss-dbgsym_7.64.0-4+deb10u1_armel.deb
Debian8armellibcurl3-gnutls< 7.38.0-4+deb8u16libcurl3-gnutls_7.38.0-4+deb8u16_armel.deb
Debian10arm64libcurl3-nss< 7.64.0-4+deb10u1libcurl3-nss_7.64.0-4+deb10u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	arm64	libcurl4-gnutls-dev	< 7.64.0-4+deb10u1	libcurl4-gnutls-dev_7.64.0-4+deb10u1_arm64.deb
Debian	10	mips	libcurl3-nss-dbgsym	< 7.64.0-4+deb10u1	libcurl3-nss-dbgsym_7.64.0-4+deb10u1_mips.deb
Debian	10	mips	curl-dbgsym	< 7.64.0-4+deb10u1	curl-dbgsym_7.64.0-4+deb10u1_mips.deb
Debian	10	mipsel	libcurl4-gnutls-dev	< 7.64.0-4+deb10u1	libcurl4-gnutls-dev_7.64.0-4+deb10u1_mipsel.deb
Debian	9	i386	libcurl3-nss	< 7.52.1-5+deb9u10	libcurl3-nss_7.52.1-5+deb9u10_i386.deb
Debian	9	mips	libcurl4-openssl-dev	< 7.52.1-5+deb9u10	libcurl4-openssl-dev_7.52.1-5+deb9u10_mips.deb
Debian	9	i386	libcurl3-dbg	< 7.52.1-5+deb9u10	libcurl3-dbg_7.52.1-5+deb9u10_i386.deb
Debian	10	armel	libcurl3-nss-dbgsym	< 7.64.0-4+deb10u1	libcurl3-nss-dbgsym_7.64.0-4+deb10u1_armel.deb
Debian	8	armel	libcurl3-gnutls	< 7.38.0-4+deb8u16	libcurl3-gnutls_7.38.0-4+deb8u16_armel.deb
Debian	10	arm64	libcurl3-nss	< 7.64.0-4+deb10u1	libcurl3-nss_7.64.0-4+deb10u1_arm64.deb