Lucene search

K
ibmIBM53284BF24641EB44158B04696677A64159279150BC5F828D58E6DFDFA31CB47F
HistorySep 11, 2020 - 12:41 p.m.

Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)

2020-09-1112:41:00
www.ibm.com
31
vulnerability
libcurl
redhat enterprise linux
ibm cloud pak system
cve-2019-5436
buffer overflow
remote code execution
cvss
affected products
remediation
upgrade
workarounds

EPSS

0.053

Percentile

93.1%

Summary

Vulnerability has been identified in libcurl that is used in OS image for RedHat Enterprise Linux for IBM Cloud Pak System. This security bulletin applies to the OS image for RedHat Enterprise Linux v7.7. OS image for RedHat Enterprise Linux has addressed the vulnerability.

Vulnerability Details

CVEID:CVE-2019-5436
**DESCRIPTION:**cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet() function. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161431 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak System v.2.3.0.1, v.2.3.1.1
OS Image for RedHat Enterprise v3.0.14, v3.0.15

Remediation/Fixes

for Cloud Pak System v.2.3.0.1, v.2.3.1.1, v2.3.2.0

apply iFix as available at IBM Fix Central here, this service applies to OS Image for Red Hat Linux v7.7

OR

Upgrade to IBM Cloud Pak System v2.3.3.0 ,

Information on release available here : <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;.

Workarounds and Mitigations

None