ALAS2-2018-1052


Amazon Linux 2 Security Advisory: ALAS-2018-1052
Advisory Release Date: 2018-08-09 22:15 Pacific
Severity: Medium
References: CVE-2018-0500 

Issue Overview:

A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.(CVE-2018-0500 )


Affected Packages:

curl


Issue Correction:
Run yum update curl to update your system.

New Packages:
src:
    curl-7.55.1-12.amzn2.0.5.src

x86_64:
    curl-7.55.1-12.amzn2.0.5.x86_64
    libcurl-7.55.1-12.amzn2.0.5.x86_64
    libcurl-devel-7.55.1-12.amzn2.0.5.x86_64
    curl-debuginfo-7.55.1-12.amzn2.0.5.x86_64