[SECURITY] [DLA 883-1] curl security update

2017-04-04T13:27:22
ID DEBIAN:DLA-883-1:BAD47
Type debian
Reporter Debian
Modified 2017-04-04T13:27:22

Description

Package        : curl
Version        : 7.26.0-1+wheezy18+deb7u1
CVE ID         : CVE-2017-7407

It was discovered that there was a buffer read overrun vulnerability in curl, a tool for downloading files from the internet, etc.

If a "%" ended the --write-out parameter, the string's trailing NUL would be skipped and memory past the end of the buffer could be accessed and potentially displayed as part of the output.

For Debian 7 "Wheezy", this issue has been fixed in curl version 7.26.0-1+wheezy18+deb7u1.

We recommend that you upgrade your curl packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-
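
The overrun described above, shown as an added example that is not part of the original advisory and is not curl's source: a simplified model of a write-out style parser, run once without and once with a check that a byte follows the "%". The function `expand`, its `hardened` flag and the `ARENA` buffer are assumptions made for illustration; the bytes after the NUL in `ARENA` are constructed to stand in for adjacent memory, so the demonstration stays inside one array.

```c
#include <stdio.h>
#include <string.h>

/* Constructed memory layout: the format string "code:%" ends in '%', and the
 * bytes after its NUL stand in for whatever happens to follow it in memory. */
static const char ARENA[] = "code:%\0ADJACENT-DATA";

/* Simplified model of a write-out style expander (an assumption for
 * illustration, not curl's source). "%%" emits one '%'; any other "%x" pair
 * is copied through as two bytes. Returns the number of bytes written. */
static size_t expand(const char *fmt, char *out, size_t cap, int hardened)
{
    size_t n = 0;
    const char *p = fmt;

    while (*p && n + 2 < cap) {
        /* Hardened form: only treat '%' as an escape if a byte follows it. */
        if (*p == '%' && (!hardened || p[1] != '\0')) {
            out[n++] = '%';
            if (p[1] != '%')
                out[n++] = p[1];  /* unhardened: may copy the NUL itself */
            p += 2;               /* unhardened: may step over the NUL */
        } else {
            out[n++] = *p++;      /* literal byte, or a lone trailing '%' */
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[64];
    size_t n;

    n = expand(ARENA, out, sizeof out, 0);
    printf("unhardened: %zu bytes, tail \"%s\"\n", n, out + 7);
    n = expand(ARENA, out, sizeof out, 1);
    printf("hardened:   %zu bytes, \"%s\"\n", n, out);
    return 0;
}
```

Without the check the parser consumes the terminator as the second byte of the escape and keeps copying until the next NUL it happens to meet; with the check the trailing "%" is emitted as a literal and the loop stops at the terminator.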