Lucene search
Cloud FoundryCFOUNDRY:529C483E69134C40724A308ABD10A76BHistorySep 30, 2019 - 12:00 a.m.
USN-4129-1: curl vulnerabilities | Cloud Foundry
2019-09-3000:00:00
Cloud Foundry
www.cloudfoundry.org
26
0.098 Low
EPSS
Percentile
94.9%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 16.04
- Canonical Ubuntu 18.04
Description
Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481)
Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482)
CVEs contained in this USN include: CVE-2019-5481, CVE-2019-5482
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH xenial-stemcells are vulnerable, including:
- 456.x versions prior to 456.25
- 315.x versions prior to 315.97
- 250.x versions prior to 250.110
- 170.x versions prior to 170.133
- 97.x versions prior to 97.159
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs3 prior to 0.126.0
Mitigation
Users of affected products are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells:
- Upgrade 456.x versions to 456.25
- Upgrade 315.x versions to 315.97
- Upgrade 250.x versions to 250.110
- Upgrade 170.x versions to 170.133
- Upgrade 97.x versions to 97.159
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.126.0 or later.
References
Related
amazon
amazon
Medium: curl
2019-10-21 18:01:00
Medium: curl
2019-09-30 20:56:00
suse
suse
Security update for curl (important)
2019-09-18 00:00:00
Security update for curl (important)
2019-09-24 00:00:00
ibm
ibm
osv
osv
curl - security update
2020-02-24 00:00:00
CVE-2019-5481
2019-09-16 19:15:10
curl - security update
2019-09-12 00:00:00
nessus
nessus
openSUSE Security Update : curl (openSUSE-2019-2149)
2019-09-18 00:00:00
Photon OS 3.0: Curl PHSA-2019-3.0-0032
2019-10-22 00:00:00
Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-254-01)
2019-09-12 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2019-09-11 00:00:00
curl vulnerability
2019-09-12 00:00:00
openvas
openvas
Fedora Update for curl FEDORA-2019-6d7f6fa2c8
2020-01-09 00:00:00
openSUSE: Security Advisory for curl (openSUSE-SU-2019:2149-1)
2020-01-09 00:00:00
openSUSE: Security Advisory for curl (openSUSE-SU-2019:2169-1)
2019-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: curl-7.66.0-1.fc31
2019-09-21 00:04:17
[SECURITY] Fedora 30 Update: curl-7.65.3-4.fc30
2019-09-18 00:56:35
[SECURITY] Fedora 29 Update: curl-7.61.1-12.fc29
2019-09-29 02:22:57
slackware
slackware
[slackware-security] curl
2019-09-12 05:20:08
freebsd
freebsd
curl -- multiple vulnerabilities
2019-09-11 00:00:00
MySQL Server -- Multiple vulerabilities
2020-04-14 00:00:00
redhat
redhat
(RHSA-2020:0250) Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update
2020-01-27 21:04:58
(RHSA-2020:1792) Moderate: curl security update
2020-04-28 09:16:55
(RHSA-2021:0877) Moderate: curl security update
2021-03-16 13:07:11
debian
debian
[SECURITY] [DSA 4633-1] curl security update
2020-02-24 19:45:52
[SECURITY] [DLA 1917-1] curl security update
2019-09-13 08:18:00
oraclelinux
oraclelinux
curl security update
2020-05-05 00:00:00
curl security update
2020-03-08 00:00:00
curl security update
2020-03-09 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2019-11-30 16:06:06
gentoo
gentoo
cURL: Multiple vulnerabilities
2020-03-15 00:00:00
prion
prion
Double free
2019-09-16 19:15:00
Heap overflow
2019-09-16 19:15:00
redhatcve
redhatcve
CVE-2019-5481
2019-09-13 06:51:34
CVE-2019-5482
2019-09-13 06:51:53
hackerone
hackerone
curl: krb5: double-free in read_data() after realloc() fail
2019-09-03 11:51:58
curl: Heap buffer overflow in TFTP when using small blksize
2019-08-29 15:52:19
cvelist
cvelist
CVE-2019-5481
2019-09-16 18:05:38
CVE-2019-5482
2019-09-16 18:06:35
debiancve
debiancve
CVE-2019-5481
2019-09-16 19:15:10
CVE-2019-5482
2019-09-16 19:15:10
ubuntucve
ubuntucve
CVE-2019-5481
2019-09-11 00:00:00
CVE-2019-5482
2019-09-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-09-13 06:08:57
Arbitrary Code Execution
2019-09-12 07:10:22
cve
cve
CVE-2019-5481
2019-09-16 19:15:10
CVE-2019-5482
2019-09-16 19:15:10
alpinelinux
alpinelinux
CVE-2019-5481
2019-09-16 19:15:10
CVE-2019-5482
2019-09-16 19:15:10
nvd
nvd
CVE-2019-5481
2019-09-16 19:15:10
CVE-2019-5482
2019-09-16 19:15:10
centos
centos
curl, libcurl security update
2020-10-20 17:52:24
checkpoint_advisories
checkpoint_advisories
Haxx Curl Buffer Overflow (CVE-2019-5482)
2020-02-25 00:00:00
symantec
symantec
curl/libcURL CVE-2019-5482 Heap Buffer Overflow Vulnerability
2019-08-31 00:00:00
f5
f5
K41523201 : cURL vulnerability CVE-2019-5482
2020-12-23 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0032
2019-10-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0032
2019-10-04 00:00:00
cloudfoundry
cloudfoundry
PXC Release update for April 2020 MySQL security patches | Cloud Foundry
2020-08-10 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00