StarlingX

CVE-2019-5482: curl: heap overflow in TFTP

Bug #1902149 reported by Ghada Khalil
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Joe Slater

Bug Description

CVE-2019-5482: curl: heap overflow in TFTP

CVSSv2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Description:
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-5482
https://access.redhat.com/errata/RHSA-2020:3916
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012676.html

Required package version:
curl-7.29.0-59.el7

Packages:
curl
libcurl
libcurl-devel (for build)

CVE References

Revision history for this message
Ghada Khalil (gkhalil) wrote :

The process is to address the CVE in stx master first and then cherrypick to the appropriate release branches after some soak time

Changed in starlingx:
status: New → Triaged
tags: added: stx.security
tags: added: stx.5.0
Changed in starlingx:
importance: Undecided → Medium
assignee: nobody → Joe Slater (jslater0wind)
Ghada Khalil (gkhalil)
information type: Public → Public Security
tags: added: stx.4.0
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Medium → High
Revision history for this message
Michel Thebeau [WIND] (mthebeau) wrote :

StarlingX master merged as https://opendev.org/starlingx/tools/commit/c7f398e9ea

Changed in starlingx:
status: Triaged → Fix Released
Revision history for this message
Michel Thebeau [WIND] (mthebeau) wrote :

Starlingx master was reviewed as:
https://review.opendev.org/c/starlingx/tools/+/765637

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.