AVG-112

Package curl
Status Fixed
Severity Medium
Type multiple issues
Affected 7.51.0-1
Fixed 7.52.1-1
Current 7.60.0-1 [core]
Ticket FS#52247
Created Fri Dec 23 00:16:09 2016
Issue Severity Remote Type Description
CVE-2016-9594 Medium Yes Incorrect calculation
libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into...
CVE-2016-9586 Medium Yes Arbitrary code execution
libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion...
Date Advisory Package Description
27 Dec 2016 ASA-201612-22 curl multiple issues
References
https://curl.haxx.se/docs/adv_20161221A.html