Gentoo FoundationMGASA-2019-0337

HistoryNov 30, 2019 - 4:06 p.m.

Updated curl packages fix security vulnerabilities

2019-11-3016:06:06

Gentoo Foundation

advisories.mageia.org

0.098 Low

EPSS

Percentile

94.8%

JSON

The updated packages fix security vulnerabilities: An integer overflow in curl’s URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. (CVE-2019-5435) A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1 (CVE-2019-5436). Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3 (CVE-2019-5481). Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3 (CVE-2019-5482).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchcurl< 7.66.0-1curl-7.66.0-1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	curl	< 7.66.0-1	curl-7.66.0-1.mga7

References

bugs.mageia.org/show_bug.cgi?id=23789

curl.haxx.se/changes.html#7_65_0

curl.haxx.se/changes.html#7_66_0

curl.haxx.se/docs/CVE-2019-5435.html

curl.haxx.se/docs/CVE-2019-5436.html

curl.haxx.se/docs/CVE-2019-5481.html

curl.haxx.se/docs/CVE-2019-5482.html

usn.ubuntu.com/3993-1/

nessus

GLSA-202003-29 : cURL: Multiple vulnerabilities

2020-03-16 00:00:00

RHEL 8 : curl (RHSA-2020:1792)

2020-04-28 00:00:00

Oracle Linux 8 : curl (ELSA-2020-1792)

2023-09-07 00:00:00

fedora

[SECURITY] Fedora 30 Update: curl-7.65.3-4.fc30

2019-09-18 00:56:35

[SECURITY] Fedora 31 Update: curl-7.66.0-1.fc31

2019-09-21 00:04:17

[SECURITY] Fedora 30 Update: curl-7.64.0-7.fc30

2019-05-25 01:06:42

gentoo

cURL: Multiple vulnerabilities

2020-03-15 00:00:00

openvas

Mageia: Security Advisory (MGASA-2019-0337)

2022-01-28 00:00:00

Fedora Update for curl FEDORA-2019-9e6357d82f

2019-09-18 00:00:00

Debian: Security Advisory (DSA-4633-1)

2020-02-26 00:00:00

freebsd

curl -- multiple vulnerabilities

2019-09-11 00:00:00

curl -- multiple vulnerabilities

2019-05-22 00:00:00

redhat

(RHSA-2020:1792) Moderate: curl security update

2020-04-28 09:16:55

(RHSA-2020:0250) Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update

2020-01-27 21:04:58

(RHSA-2020:2505) Low: curl security update

2020-06-10 16:19:40

oraclelinux

curl security update

2020-05-05 00:00:00

curl security update

2020-03-08 00:00:00

curl security update

2020-03-09 00:00:00

debian

[SECURITY] [DSA 4633-1] curl security update

2020-02-24 19:55:58

[SECURITY] [DLA 1804-1] curl security update

2019-05-25 22:00:29

[SECURITY] [DLA 1917-1] curl security update

2019-09-13 08:18:36

ibm

Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436)

2019-12-20 08:47:33

Security Bulletin: cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier

2020-12-10 22:27:50

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - cURL (CVE-2019-5482, CVE-2019-5481)

2020-08-18 19:28:18

archlinux

[ASA-201905-14] lib32-libcurl-compat: arbitrary code execution

2019-05-31 00:00:00

[ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution

2019-05-31 00:00:00

[ASA-201905-15] lib32-curl: arbitrary code execution

2019-05-31 00:00:00

amazon

Low: curl

2019-07-17 23:19:00

Medium: curl

2019-10-21 18:01:00

Medium: curl

2019-09-30 20:56:00

suse

Security update for curl (important)

2019-09-18 00:00:00

Security update for curl (important)

2019-09-24 00:00:00

Security update for curl (important)

2019-06-03 00:00:00

osv

curl - security update

2020-02-24 00:00:00

CVE-2019-5481

2019-09-16 19:15:10

CVE-2019-5435

2019-05-28 19:29:06

ubuntu

curl vulnerabilities

2019-09-11 00:00:00

curl vulnerabilities

2019-05-22 00:00:00

curl vulnerability

2019-09-12 00:00:00

cloudfoundry

USN-4129-1: curl vulnerabilities | Cloud Foundry

2019-09-30 00:00:00

USN-3993-1: curl vulnerabilities | Cloud Foundry

2019-05-29 00:00:00

slackware

[slackware-security] curl

2019-09-12 05:20:08

[slackware-security] curl

2019-05-22 23:31:53

hackerone

curl: Heap buffer overflow in TFTP when using small blksize

2019-08-29 15:52:19

curl: krb5: double-free in read_data() after realloc() fail

2019-09-03 11:51:58

curl: Integer overflows in unescape_word()

2022-05-10 16:10:48

altlinux

Security fix for the ALT Linux 8 package curl version 7.65.0-alt1

2019-05-24 00:00:00

prion

Double free

2019-09-16 19:15:00

Integer overflow

2019-05-28 19:29:00

Heap overflow

2019-05-28 19:29:00

redhatcve

CVE-2019-5481

2019-09-13 06:51:34

CVE-2019-5435

2019-05-22 11:21:35

CVE-2019-5482

2019-09-13 06:51:53

cvelist

CVE-2019-5481

2019-09-16 18:05:38

CVE-2019-5435

2019-05-28 18:44:01

CVE-2019-5482

2019-09-16 18:06:35

ubuntucve

CVE-2019-5481

2019-09-11 00:00:00

CVE-2019-5436

2019-05-22 00:00:00

CVE-2019-5435

2019-05-22 00:00:00

debiancve

CVE-2019-5481

2019-09-16 19:15:00

CVE-2019-5435

2019-05-28 19:29:00

veracode

Arbitrary Code Execution

2019-09-13 06:08:57

Integer Overflow

2020-10-29 10:41:14

Heap-based Buffer Overflow

2019-05-27 03:15:11

cve

CVE-2019-5481

2019-09-16 19:15:00

CVE-2019-5435

2019-05-28 19:29:00

CVE-2019-5436

2019-05-28 19:29:00

alpinelinux

CVE-2019-5481

2019-09-16 19:15:00

CVE-2019-5435

2019-05-28 19:29:00

CVE-2019-5436

2019-05-28 19:29:00

centos

curl, libcurl security update

2020-10-20 17:52:24

curl, libcurl security update

2020-04-08 17:51:50

K08125515 : cURL vulnerability CVE-2019-5435

2019-07-02 00:00:00

K55133295 : cURL and libcurl vulnerability CVE-2019-5436

2019-07-25 00:00:00

checkpoint_advisories

Haxx Curl Buffer Overflow (CVE-2019-5482)

2020-02-25 00:00:00

cURL and libcurl TFTP Heap Buffer Overflow (CVE-2019-5436)

2020-02-25 00:00:00

symantec

curl/libcURL CVE-2019-5482 Heap Buffer Overflow Vulnerability

2019-08-31 00:00:00

Updated curl packages fix security vulnerabilities

References

Related