(RHSA-2020:0594) Moderate: curl security update

ID RHSA-2020:0594
Type redhat
Reporter RedHat
Modified 2020-02-25T16:49:30


The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: HTTP authentication leak in redirects (CVE-2018-1000007)

  • curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)

  • curl: RTSP RTP buffer over-read (CVE-2018-1000122)

  • curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)

  • curl: LDAP NULL pointer dereference (CVE-2018-1000121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.