AVG-522

Package lib32-libcurl-compat
Status Fixed
Severity High
Type multiple issues
Affected 7.56.1-1
Fixed 7.57.0-1
Current 7.65.1-1 [multilib]
Ticket None
Created Wed Nov 29 10:23:29 2017
Issue Severity Remote Type Description
CVE-2017-8818 High Yes Arbitrary code execution
An out-of-bounds flaw has been found in the SSL related code of libcurl >= 7.56.0 and < 7.57.0. When allocating memory for a connection (the internal struct...
CVE-2017-8817 Medium Yes Information disclosure
A read out of bounds flaw has been found in the FTP wildcard function of libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching feature, which is...
CVE-2017-8816 High Yes Arbitrary code execution
A buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0, in the NTLM authentication code. The internal function...
Date Advisory Package Description
30 Nov 2017 ASA-201711-38 lib32-libcurl-compat multiple issues
References
https://curl.haxx.se/docs/adv_2017-11e7.html
https://curl.haxx.se/docs/adv_2017-ae72.html
https://curl.haxx.se/docs/adv_2017-af0a.html