Overview

File _patchinfo of Package patchinfo.6879

<patchinfo incident="6879">
  <issue id="1084521" tracker="bnc">VUL-1: CVE-2018-1000120: curl: FTP path trickery leads to NIL byte out of bounds write</issue>
  <issue id="1084532" tracker="bnc">VUL-0: CVE-2018-1000122: curl: RTSP RTP buffer over-read</issue>
  <issue id="1084524" tracker="bnc">VUL-1: CVE-2018-1000121: curl: LDAP NULL pointer dereference</issue>
  <issue id="2018-1000120" tracker="cve" />
  <issue id="2018-1000121" tracker="cve" />
  <issue id="2018-1000122" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for curl fixes the following issues:

Following security issues were fixed:

- CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521).
- CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524).
- CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532).
</description>
  <summary>Security update for curl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places