USN-3441-1: curl vulnerabilities
Ubuntu Security Notice USN-3441-1

10th October, 2017

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in curl.

Software description

curl – HTTP, HTTPS, and FTP client and client libraries

Details

Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586)

Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100)

Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical [ more… ]