Synopsis: Moderate: curl and nss-pem security and bug fix update
Advisory ID: SLSA-2018:3157-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-1000007
CVE-2018-1000120
CVE-2018-1000121
CVE-2018-1000122
CVE-2018-1000301
—
Security Fix(es):
* curl: HTTP authentication leak in redirects (CVE-2018-1000007)
* curl: FTP path trickery leads to NIL byte out of bounds write
(CVE-2018-1000120)
* curl: RTSP RTP buffer over-read (CVE-2018-1000122)
* curl: Out-of-bounds heap read when missing RTSP headers allows
information leak of denial of service (CVE-2018-1000301)
* curl: LDAP NULL pointer dereference (CVE-2018-1000121)
—
SL7
x86_64
curl-7.29.0-51.el7.x86_64.rpm
curl-debuginfo-7.29.0-51.el7.i686.rpm
curl-debuginfo-7.29.0-51.el7.x86_64.rpm
libcurl-7.29.0-51.el7.i686.rpm
libcurl-7.29.0-51.el7.x86_64.rpm
nss-pem-1.0.3-5.el7.i686.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm
nss-pem-debuginfo-1.0.3-5.el7.i686.rpm
nss-pem-debuginfo-1.0.3-5.el7.x86_64.rpm
libcurl-devel-7.29.0-51.el7.i686.rpm
libcurl-devel-7.29.0-51.el7.x86_64.rpm
– Scientific Linux Development Team
