AVG-796 log

Package lib32-curl
Status Fixed
Severity High
Type arbitrary code execution
Affected 7.61.1-1
Fixed 7.62.0-1
Current 8.4.0-2 [multilib]
Ticket None
Created Wed Oct 31 09:58:26 2018
Issue Severity Remote Type Description
CVE-2018-16840 High Yes Arbitrary code execution
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up...
CVE-2018-16839 High Yes Arbitrary code execution
The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then...
Date Advisory Package Type
06 Nov 2018 ASA-201811-9 lib32-curl arbitrary code execution