Errata ID | 328 |
---|---|
Date | 2018-04-18 |
Source package | curl |
Fixed in version | 7.38.0-4+deb8u10 |
Description | This update addresses the following issues:<br>• Fix NTLM buffer overflow via integer overflow (CVE-2017-8816)<br>• Fix FTP wildcard out of bounds read (CVE-2017-8817)<br>• Fix TFTP sends more than buffer size (CVE-2017-1000100)<br>• Fix URL globbing out of bounds read (CVE-2017-1000101)<br>• HTTP authentication leak in redirects (CVE-2018-1000007)<br>• Fix NIL byte out of bounds write due to FTP path trickery as per CVE-2018-1000120<br>• Fix LDAP NULL pointer dereference as per CVE-2018-1000121<br>• Fix RTSP RTP buffer over-read as per CVE-2018-1000122<br>• Fix FTP PWD response parser out of bounds read (CVE-2017-1000254)<br>• Fix IMAP FETCH response out of bounds read (CVE-2017-1000257) |
Additional notes | |
CVE ID | CVE-2017-8816, CVE-2017-8817, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2017-1000254, CVE-2017-1000257 |
UCS Bug number | #45604 |