CLD-399 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-1000300 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) curl
Deficiency Type SECURITY
Date Created 2018-05-16 10:40:41
Date Last Modified 2018-05-16 10:58:07

Version Specific Information:

Cucumber 1.0 i686 fixed in curl-7.60.0-i686-1
Cucumber 1.0 x86_64 fixed in curl-7.60.0-x86_64-1 and curl-lib_i686-7.60.0-lib_i686-1

Cucumber 1.1 i686 fixed in curl-7.60.0-i686-1
Cucumber 1.1 x86_64 fixed in curl-7.60.0-x86_64-1 and curl-lib_i686-7.60.0-lib_i686-1

Details:

See https://curl.haxx.se/docs/adv_2018-82c2.html for full details.

Relevant changelog entry (from Cucumber Linux 1.1):

Wed May 16 10:47:05 EDT 2018
net-base/curl upgraded from 7.59.0 to 7.60.0 to fix two security
        vulnerabilities: CVE-2018-1000301, a buffer overread that could
        potentially result in information disclosure but would more likely
        result in a denial of service (application crash). It can be triggered
        by a maliciouse remote server. Also fixes CVE-2018-1000300, a buffer
        overflow vulnerability that allowed for a malicious an FTP server to
        write arbitrary bytes to memory by overflowing the "closure handle"
        buffer. Although no exploit is known at this time, it is quite possible
        that this could result in arbitrary code execution given the nature of
        the vulnerability. For more information see:
                https://security.cucumberlinux.com/security/details.php?id=398
                https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
                https://curl.haxx.se/docs/adv_2018-b138.html
                https://security.cucumberlinux.com/security/details.php?id=399
                https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300
                https://curl.haxx.se/docs/adv_2018-82c2.html
multilib/net-base/curl-lib_i686 upgraded from 7.59.0 to 7.60.0 (x86_64 only)
* SECURITY FIX *