[SECURITY] [DLA 1672-1] curl security update
Package : curl
Version : 7.38.0-4+deb8u14
CVE IDs : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
It was discovered that there were three vulnerabilities in the curl
command-line HTTP (etc.) client:
* CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in
  the handling of NTLM type-2 messages.
* CVE-2019-3822: Stack-based buffer overflow in the handling of
  outgoing NTLM type-3 headers.
* CVE-2019-3823: Heap out-of-bounds read in code handling
  the end of a response in the SMTP protocol.
For Debian 8 "Jessie", these issues have been fixed in curl version
7.38.0-4+deb8u14.
We recommend that you upgrade your curl packages.
Regards,
--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-