Lucene search
RedHatRHSA-2020:1792HistoryApr 28, 2020 - 9:16 a.m.
(RHSA-2020:1792) Moderate: curl security update
2020-04-2809:16:55
access.redhat.com
62
0.098 Low
EPSS
Percentile
94.8%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: double free due to subsequent call of realloc() (CVE-2019-5481)
-
curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
-
curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | aarch64 | curl-minimal-debuginfo | < 7.61.1-12.el8 | curl-minimal-debuginfo-7.61.1-12.el8.aarch64.rpm |
| RedHat | 8 | ppc64le | curl | < 7.61.1-12.el8 | curl-7.61.1-12.el8.ppc64le.rpm |
| RedHat | 8 | x86_64 | libcurl | < 7.61.1-12.el8 | libcurl-7.61.1-12.el8.x86_64.rpm |
| RedHat | 8 | ppc64le | curl-debuginfo | < 7.61.1-12.el8 | curl-debuginfo-7.61.1-12.el8.ppc64le.rpm |
| RedHat | 8 | x86_64 | libcurl-minimal | < 7.61.1-12.el8 | libcurl-minimal-7.61.1-12.el8.x86_64.rpm |
| RedHat | 8 | s390x | curl | < 7.61.1-12.el8 | curl-7.61.1-12.el8.s390x.rpm |
| RedHat | 8 | ppc64le | libcurl-debuginfo | < 7.61.1-12.el8 | libcurl-debuginfo-7.61.1-12.el8.ppc64le.rpm |
| RedHat | 8 | ppc64le | curl-minimal-debuginfo | < 7.61.1-12.el8 | curl-minimal-debuginfo-7.61.1-12.el8.ppc64le.rpm |
| RedHat | 8 | ppc64le | libcurl-devel | < 7.61.1-12.el8 | libcurl-devel-7.61.1-12.el8.ppc64le.rpm |
| RedHat | 8 | s390x | curl-debuginfo | < 7.61.1-12.el8 | curl-debuginfo-7.61.1-12.el8.s390x.rpm |
Related
openvas
openvas
Debian: Security Advisory (DSA-4633-1)
2020-02-26 00:00:00
Mageia: Security Advisory (MGASA-2019-0337)
2022-01-28 00:00:00
Fedora Update for curl FEDORA-2019-9e6357d82f
2019-09-18 00:00:00
nessus
nessus
Oracle Linux 8 : curl (ELSA-2020-1792)
2023-09-07 00:00:00
CentOS 8 : curl (CESA-2020:1792)
2021-02-01 00:00:00
RHEL 8 : curl (RHSA-2020:1792)
2020-04-28 00:00:00
freebsd
freebsd
curl -- multiple vulnerabilities
2019-09-11 00:00:00
curl -- multiple vulnerabilities
2019-05-22 00:00:00
debian
debian
[SECURITY] [DSA 4633-1] curl security update
2020-02-24 19:45:52
[SECURITY] [DLA 1804-1] curl security update
2019-05-25 22:00:13
[SECURITY] [DLA 1917-1] curl security update
2019-09-13 08:18:00
oraclelinux
oraclelinux
curl security update
2020-05-05 00:00:00
curl security update
2020-03-08 00:00:00
curl security update
2020-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: curl-7.65.3-4.fc30
2019-09-18 00:56:35
[SECURITY] Fedora 31 Update: curl-7.66.0-1.fc31
2019-09-21 00:04:17
[SECURITY] Fedora 29 Update: curl-7.61.1-12.fc29
2019-09-29 02:22:57
mageia
mageia
Updated curl packages fix security vulnerabilities
2019-11-30 16:06:06
gentoo
gentoo
cURL: Multiple vulnerabilities
2020-03-15 00:00:00
suse
suse
Security update for curl (important)
2019-09-18 00:00:00
Security update for curl (important)
2019-09-24 00:00:00
Security update for curl (important)
2019-06-04 00:00:00
amazon
amazon
osv
osv
curl - security update
2020-02-24 00:00:00
CVE-2019-5481
2019-09-16 19:15:10
curl - security update
2019-05-25 00:00:00
ibm
ibm
ubuntu
ubuntu
curl vulnerabilities
2019-09-11 00:00:00
curl vulnerability
2019-09-12 00:00:00
curl vulnerability
2019-05-22 00:00:00
cloudfoundry
cloudfoundry
USN-4129-1: curl vulnerabilities | Cloud Foundry
2019-09-30 00:00:00
PXC Release update for April 2020 MySQL security patches | Cloud Foundry
2020-08-10 00:00:00
USN-3993-1: curl vulnerabilities | Cloud Foundry
2019-05-29 00:00:00
slackware
slackware
[slackware-security] curl
2019-09-12 05:20:08
hackerone
hackerone
curl: Heap buffer overflow in TFTP when using small blksize
2019-08-29 15:52:19
curl: krb5: double-free in read_data() after realloc() fail
2019-09-03 11:51:58
curl: Heap Buffer Overflow at lib/tftp.c
2019-04-29 18:08:38
redhat
redhat
(RHSA-2020:0250) Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update
2020-01-27 21:04:58
(RHSA-2021:0877) Moderate: curl security update
2021-03-16 13:07:11
(RHSA-2021:0759) Moderate: curl security update
2021-03-09 08:47:34
prion
prion
redhatcve
redhatcve
debiancve
debiancve
ubuntucve
ubuntucve
cvelist
cvelist
cve
cve
veracode
veracode
Arbitrary Code Execution
2019-09-13 06:08:57
Heap-based Buffer Overflow
2019-05-27 03:15:11
Arbitrary Code Execution
2019-09-12 07:10:22
alpinelinux
alpinelinux
nvd
nvd
centos
centos
curl, libcurl security update
2020-10-20 17:52:24
curl, libcurl security update
2020-04-08 17:51:50
checkpoint_advisories
checkpoint_advisories
Haxx Curl Buffer Overflow (CVE-2019-5482)
2020-02-25 00:00:00
cURL and libcurl TFTP Heap Buffer Overflow (CVE-2019-5436)
2020-02-25 00:00:00
symantec
symantec
curl/libcURL CVE-2019-5482 Heap Buffer Overflow Vulnerability
2019-08-31 00:00:00
archlinux
archlinux
[ASA-201905-16] curl: arbitrary code execution
2019-05-31 00:00:00
[ASA-201905-11] libcurl-compat: arbitrary code execution
2019-05-31 00:00:00
[ASA-201905-12] libcurl-gnutls: arbitrary code execution
2019-05-31 00:00:00
f5
f5
K55133295 : cURL and libcurl vulnerability CVE-2019-5436
2019-07-25 00:00:00
K41523201 : cURL vulnerability CVE-2019-5482
2020-12-23 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0032
2019-10-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.65.0-alt1
2019-05-24 00:00:00