Branch sisyphus update bulletin.

Package curl updated to version 7.61.0-alt1.S1 for branch sisyphus in task 210345.

Published: 2018-07-11
Modified: 2024-11-21

CVE-2018-0500

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

1041280
1041280
RHSA-2018:2486
RHSA-2018:2486
https://curl.haxx.se/docs/adv_2018-70a2.html
https://curl.haxx.se/docs/adv_2018-70a2.html
https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628
https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628
GLSA-201807-04
GLSA-201807-04
USN-3710-1
USN-3710-1

Package moodle3.3 updated to version 3.3.3-alt2 for branch sisyphus in task 210205.

Old "Allow from all"

Version: 2.1.0

Branch sisyphus update on 2018-07-18

ALT-BU-2018-3358-1

ALT-PU-2018-2026-1

Closed vulnerabilities

CVE-2018-0500

ALT-PU-2018-2027-1

Closed bugs

Bug #34984