[ubuntu/xenial-security] curl 7.47.0-1ubuntu2.14 (Accepted)
Alex Murray
alex.murray at canonical.com
Wed Sep 11 07:02:53 UTC 2019
curl (7.47.0-1ubuntu2.14) xenial-security; urgency=medium
* SECURITY UPDATE: double-free when using kerberos over FTP may cause
denial-of-service
- debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
double-free on large memory allocation failures
- CVE-2019-5481
* SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
cause denial-of-service or remote code-execution
- debian/patches/CVE-2019-5482.patch: ensure to use the correct block
size when calling recvfrom() if the server returns an OACK without
specifying a block size in lib/tftp.c
- CVE-2019-5482
Date: 2019-09-10 13:02:14.197305+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list