Amazon Linux 2 Security Advisory: ALAS-2018-1052
Advisory Release Date: 2018-08-08 16:35 Pacific
Advisory Updated Date: 2018-08-09 22:15 Pacific
A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory. (CVE-2018-0500)
Affected Packages:
curl
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update curl to update your system.
src:
curl-7.55.1-12.amzn2.0.5.src
x86_64:
curl-7.55.1-12.amzn2.0.5.x86_64
libcurl-7.55.1-12.amzn2.0.5.x86_64
libcurl-devel-7.55.1-12.amzn2.0.5.x86_64
curl-debuginfo-7.55.1-12.amzn2.0.5.x86_64
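To confirm that a host actually carries the builds listed above after running yum update curl, the following added example (not part of the original advisory) compares installed VERSION-RELEASE strings against 7.55.1-12.amzn2.0.5. The comparison is a simplified form of RPM's segment ordering that assumes no epoch and no '~' or '^' characters; the function names and the sample rpm output are constructed for illustration.

```python
import re

# Fixed version-release taken from the package list in this advisory (arch suffix dropped).
FIXED_VR = "7.55.1-12.amzn2.0.5"
PACKAGES = ("curl", "libcurl", "libcurl-devel", "curl-debuginfo")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (assumption: no epoch, '~' or '^' in the strings)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # compare numerically, so 9 < 55
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments make it newer

def is_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True when the installed VERSION-RELEASE is at or above the advisory's build."""
    iv, _, ir = installed_vr.partition("-")
    fv, _, fr = fixed_vr.partition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def audit(rpm_output):
    """Map package name -> fixed?, from output of:
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' curl libcurl libcurl-devel curl-debuginfo
    """
    status = {}
    for line in rpm_output.splitlines():
        fields = line.split()
        # Lines such as "package X is not installed" have more than two fields and are skipped.
        if len(fields) == 2 and fields[0] in PACKAGES:
            status[fields[0]] = is_fixed(fields[1])
    return status

# Constructed sample output (not captured from a real host): curl updated, libcurl left behind.
SAMPLE = """curl 7.55.1-12.amzn2.0.5
libcurl 7.55.1-12.amzn2.0.1
package libcurl-devel is not installed
"""

if __name__ == "__main__":
    for name, ok in audit(SAMPLE).items():
        print(f"{name}: {'at or above' if ok else 'BELOW'} {FIXED_VR}")
```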