Bug 1515757 (CVE-2017-8816)
Summary: | CVE-2017-8816 curl: NTLM buffer overflow via integer overflow
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Adam Mariš <amaris>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED WONTFIX
Severity: | medium
Priority: | medium
Version: | unspecified
CC: | bodavis, dbhole, erik-fedora, hhorak, java-maint, john.j5live, jorton, kanderso, kdudka, luhliari, mike, omajid, paul, rwagner, security-response-team, sisharma, slawomir, tim.eilers, yozone
Keywords: | Security
Hardware: | All
OS: | Linux
Fixed In Version: | curl 7.57.0
Last Closed: | 2018-01-03 15:44:47 UTC
Bug Depends On: | 1518620, 1518621, 1518622, 1526300
Bug Blocks: | 1515763

Description
Adam Mariš
2017-11-21 10:27:21 UTC
Acknowledgments:

Name: the Curl project
Upstream: Alex Nichols

Created attachment 1356597
Upstream patch

Created attachment 1356599
Upstream patch

Issue was introduced by commit:
https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62

External References:
https://curl.haxx.se/docs/adv_2017-12e7.html

Created curl tracking bugs for this issue:
Affects: fedora-all [bug 1518621]

Created mingw-curl tracking bugs for this issue:
Affects: epel-7 [bug 1518622]
Affects: fedora-all [bug 1518620]

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558