CLD-398 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-1000301 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) curl
Deficiency Type SECURITY
Date Created 2018-05-16 10:40:30
Date Last Modified 2018-05-16 10:58:07

Version Specific Information:

Cucumber 1.0 i686 fixed in curl-7.60.0-i686-1
Cucumber 1.0 x86_64 fixed in curl-7.60.0-x86_64-1 and curl-lib_i686-7.60.0-lib_i686-1

Cucumber 1.1 i686 fixed in curl-7.60.0-i686-1
Cucumber 1.1 x86_64 fixed in curl-7.60.0-x86_64-1 and curl-lib_i686-7.60.0-lib_i686-1

Details:

See https://curl.haxx.se/docs/adv_2018-b138.html for full details.

Relevant changelog entry (from Cucumber Linux 1.1):

Wed May 16 10:47:05 EDT 2018
net-base/curl upgraded from 7.59.0 to 7.60.0 to fix two security
	vulnerabilities: CVE-2018-1000301, a buffer overread that could
	potentially result in information disclosure but would more likely
	result in a denial of service (application crash). It can be triggered
	by a malicious remote server. Also fixes CVE-2018-1000300, a buffer
	overflow vulnerability that allowed for a malicious FTP server to
	write arbitrary bytes to memory by overflowing the "closure handle"
	buffer. Although no exploit is known at this time, it is quite possible
	that this could result in arbitrary code execution given the nature of
	the vulnerability. For more information see:
		https://security.cucumberlinux.com/security/details.php?id=398
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
		https://curl.haxx.se/docs/adv_2018-b138.html
		https://security.cucumberlinux.com/security/details.php?id=399
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300
		https://curl.haxx.se/docs/adv_2018-82c2.html
multilib/net-base/curl-lib_i686 upgraded from 7.59.0 to 7.60.0 (x86_64 only)
* SECURITY FIX *