curl: security update to 7.65.0 #1852

l2dy · 2019-05-27T16:58:04Z

CVE IDs: CVE-2019-5435 (32-bit only), CVE-2019-5436

Other security advisory IDs: USN-3993-1

Descriptions:
Wenchao Li discovered that curl incorrectly handled memory in the
curl_url_set() function. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)

It was discovered that curl incorrectly handled memory when receiving data
from a TFTP server. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2019-5436)

Architectural progress:

The text was updated successfully, but these errors were encountered:

KexyBiscuit · 2019-09-11T08:14:36Z

Use AOSA-2019-0186.

l2dy added upgrade Topic/issue involves a package upgrade security Topic/issue involves a security issue/fixed to-stable labels May 27, 2019

KexyBiscuit self-assigned this May 28, 2019

KexyBiscuit added this to the Winter 2018 milestone May 28, 2019

MingcongBai added a commit that referenced this issue Jul 9, 2019

curl{,+32}: update to 7.65.1; #1852

20598a2

KexyBiscuit closed this as completed Sep 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

curl: security update to 7.65.0 #1852

curl: security update to 7.65.0 #1852

l2dy commented May 27, 2019 •

edited by KexyBiscuit

KexyBiscuit commented Sep 11, 2019

curl: security update to 7.65.0 #1852

curl: security update to 7.65.0 #1852

Comments

l2dy commented May 27, 2019 • edited by KexyBiscuit

KexyBiscuit commented Sep 11, 2019

l2dy commented May 27, 2019 •

edited by KexyBiscuit