Lucene search
RedHatRHSA-2017:2016HistoryAug 01, 2017 - 5:57 a.m.
(RHSA-2017:2016) Moderate: curl security, bug fix, and enhancement update
2017-08-0105:57:16
access.redhat.com
20
0.015 Low
EPSS
Percentile
86.8%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions. (CVE-2016-7167)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | s390 | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.s390.rpm |
| RedHat | 7 | x86_64 | curl-debuginfo | < 7.29.0-42.el7 | curl-debuginfo-7.29.0-42.el7.x86_64.rpm |
| RedHat | 7 | ppc64 | curl-debuginfo | < 7.29.0-42.el7 | curl-debuginfo-7.29.0-42.el7.ppc64.rpm |
| RedHat | 7 | ppc64le | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.ppc64le.rpm |
| RedHat | 7 | i686 | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.i686.rpm |
| RedHat | 7 | s390x | curl | < 7.29.0-42.el7 | curl-7.29.0-42.el7.s390x.rpm |
| RedHat | 7 | s390x | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.s390x.rpm |
| RedHat | 7 | s390x | curl-debuginfo | < 7.29.0-42.el7 | curl-debuginfo-7.29.0-42.el7.s390x.rpm |
| RedHat | 7 | ppc | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.ppc.rpm |
| RedHat | 7 | x86_64 | curl | < 7.29.0-42.el7 | curl-7.29.0-42.el7.x86_64.rpm |
Related
nvd
nvd
CVE-2016-7167
2016-10-07 14:59:08
nessus
nessus
Scientific Linux Security Update : curl on SL7.x x86_64 (20170801)
2017-08-22 00:00:00
Fedora 24 : curl (2016-7a2ed52d41)
2016-09-16 00:00:00
Debian DLA-625-1 : curl security update
2016-09-19 00:00:00
alpinelinux
alpinelinux
CVE-2016-7167
2016-10-07 14:59:08
cve
cve
CVE-2016-7167
2016-10-07 14:59:08
openvas
openvas
Fedora Update for curl FEDORA-2016-80f4f71eff
2016-10-05 00:00:00
Slackware: Security Advisory (SSA:2016-259-01)
2022-04-21 00:00:00
Fedora Update for curl FEDORA-2016-08533fc59c
2016-12-07 00:00:00
osv
osv
curl - security update
2016-09-17 00:00:00
curl - security update
2018-11-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:18:26
archlinux
archlinux
[ASA-201609-19] curl: denial of service
2016-09-20 00:00:00
[ASA-201609-18] lib32-curl: denial of service
2016-09-20 00:00:00
freebsd
freebsd
cURL -- Escape and unescape integer overflows
2016-09-14 00:00:00
ibm
ibm
debian
debian
[SECURITY] [DLA 625-1] curl security update
2016-09-17 18:28:27
[SECURITY] [DLA 1568-1] curl security update
2018-11-06 21:01:10
prion
prion
Integer overflow
2016-10-07 14:59:00
centos
centos
curl, libcurl security update
2017-08-24 01:36:34
fedora
fedora
[SECURITY] Fedora 25 Update: curl-7.50.3-1.fc25
2016-09-17 22:35:35
[SECURITY] Fedora 23 Update: curl-7.43.0-10.fc23
2016-09-29 23:08:15
[SECURITY] Fedora 24 Update: curl-7.47.1-8.fc24
2016-09-15 22:53:43
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.50.3-alt1
2016-09-14 00:00:00
debiancve
debiancve
CVE-2016-7167
2016-10-07 14:59:08
redhatcve
redhatcve
CVE-2016-7167
2016-09-14 08:48:34
oraclelinux
oraclelinux
curl security, bug fix, and enhancement update
2017-08-07 00:00:00
cvelist
cvelist
CVE-2016-7167
2016-10-07 14:00:00
ubuntucve
ubuntucve
CVE-2016-7167
2016-10-07 00:00:00
slackware
slackware
[slackware-security] curl
2016-09-16 00:31:23
mageia
mageia
Updated curl packages fix security vulnerability
2016-09-21 23:38:22
amazon
amazon
Low: curl
2016-09-27 10:30:00
suse
suse
Security update for curl (important)
2016-11-03 15:08:42
Security update for curl (important)
2016-11-10 17:06:47
Security update for curl (important)
2016-11-02 16:07:53
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
cloudfoundry
cloudfoundry
USN-3123-1: curl vulnerabilities | Cloud Foundry
2016-12-13 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2016-11-03 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
redhat
redhat
apple
apple
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00