[3.6] curl: Multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122)
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
Affected versions:
curl 7.12.3 to and including curl 7.58.0
Not affected versions:
curl < 7.12.3 and curl >= 7.59.0
Reference:
https://curl.haxx.se/docs/adv_2018-9cd6.html
Patch:
https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-1000121: LDAP NULL pointer dereference
Affected versions:
curl 7.21.0 to and including curl 7.58.0
Not affected versions:
curl < 7.21.0 and curl >= 7.59.0
Reference:
https://curl.haxx.se/docs/adv_2018-97a2.html
Patch:
https://curl.haxx.se/docs/adv_2018-97a2.html
CVE-2018-1000122: RTSP RTP buffer over-read
Affected versions:
curl 7.20.0 to and including curl 7.58.0
Not affected versions:
curl < 7.20.0 and curl >= 7.59.0
Reference:
https://curl.haxx.se/docs/adv_2018-b047.html
Patch:
https://curl.haxx.se/CVE-2018-1000122.patch
(from redmine: issue id 8645, created on 2018-03-14, closed on 2018-03-20)
- Relations:
  - copied_to #8642 (closed)
  - parent #8642 (closed)
- Changesets:
  - Revision cee23f71 on 2018-03-19T15:01:33Z:
    main/curl: upgrade to 7.59.0
    fixes #8645