AVG-798

Package lib32-libcurl-gnutls
Status Fixed
Severity High
Type arbitrary code execution
Affected 7.61.1-1
Fixed 7.62.0-1
Current 7.63.0-2 [multilib]
Ticket None
Created Wed Oct 31 09:59:29 2018
Issue Severity Remote Type Description
CVE-2018-16840 High Yes Arbitrary code execution
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up...
CVE-2018-16839 High Yes Arbitrary code execution
The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then...
Date Advisory Package Description
06 Nov 2018 ASA-201811-7 lib32-libcurl-gnutls arbitrary code execution