[arch-security] [Arch Linux Security Advisory ASA-201411-7] curl: out-of-bounds read

Levente Polyak anthraxx at archlinux.org
Tue Nov 11 20:12:01 UTC 2014


Arch Linux Security Advisory ASA-201411-7
=========================================

Severity: Medium
Date    : 2014-11-11
CVE-ID  : CVE-2014-3707
Package : curl
Type    : out-of-bounds read
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package curl before version 7.39.0-1 is vulnerable to an out-of-bounds
read, which may lead to information disclosure.

Resolution
==========

Upgrade to 7.39.0-1.

# pacman -Syu "curl>=7.39.0-1"

The problem has been fixed upstream [0] in version 7.39.0.

Workaround
==========

None.

Description
===========

Symeon Paraschoudis discovered that the curl_easy_duphandle() function
has a bug that can lead to libcurl eventually sending off sensitive data
that was not intended for sending.

Impact
======

This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be
used in that order, and then the duplicate handle must be used to
perform the HTTP POST. The curl command line tool is not affected by
this problem as it does not use this sequence.
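
The call order named above can be looked for in an application's C sources. The following is an added example, not part of the original advisory or of curl: a heuristic Python scan in which the function names (find_affected_order, predates_fix) and the C sample are constructed for illustration.

```python
import re

FIXED = (7, 39, 0)  # upstream fix version stated in the advisory
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)
SET_RE = re.compile(r"\bcurl_easy_setopt\s*\([^;]*\bCURLOPT_COPYPOSTFIELDS\b")
DUP_RE = re.compile(r"\bcurl_easy_duphandle\s*\(")

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid.
    String literals match first, so the // in a URL is not cut as a comment."""
    def repl(m):
        text = m.group(0)
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return TOKEN_RE.sub(repl, src)

def predates_fix(version):
    """True if a libcurl version such as '7.38.0' or '7.38.0-1' is below 7.39.0."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    return tuple(map(int, m.groups())) < FIXED

def find_affected_order(src):
    """Return (setopt_line, duphandle_line) pairs where CURLOPT_COPYPOSTFIELDS is
    set and curl_easy_duphandle() follows. Textual order only, no data flow."""
    code = strip_comments(src)
    line_of = lambda pos: code.count("\n", 0, pos) + 1
    sets = [line_of(m.start()) for m in SET_RE.finditer(code)]
    dups = [line_of(m.start()) for m in DUP_RE.finditer(code)]
    return [(s, d) for s in sets for d in dups if d > s]

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
int post_via_copy(const char *body) {
    CURL *h = curl_easy_init();
    curl_easy_setopt(h, CURLOPT_URL, "https://example.invalid/form");
    curl_easy_setopt(h, CURLOPT_COPYPOSTFIELDS, body);
    /* curl_easy_duphandle(h) from here on is the order the advisory names */
    CURL *dup = curl_easy_duphandle(h);
    CURLcode rc = curl_easy_perform(dup);  // POST sent on the duplicate
    curl_easy_cleanup(dup);
    curl_easy_cleanup(h);
    return (int)rc;
}
'''

if __name__ == "__main__":
    for s, d in find_affected_order(SAMPLE):
        print("COPYPOSTFIELDS set on line %d, handle duplicated on line %d" % (s, d))
```

A hit only matters when the linked libcurl predates the fix, and it still needs manual review, since the scan does not check that both calls act on the same handle.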

References
==========

[0] https://github.com/bagder/curl/commit/b38756
https://access.redhat.com/security/cve/CVE-2014-3707
http://curl.haxx.se/docs/adv_20141105.html
