ALAS2-2019-1340


Amazon Linux 2 Security Advisory: ALAS-2019-1340
Advisory Release Date: 2019-10-21 18:01 Pacific
Advisory Updated Date: 2019-10-24 05:31 Pacific
Severity: Medium

Issue Overview:

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.(CVE-2019-5481 )

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482 )


Affected Packages:

curl


Issue Correction:
Run yum update curl to update your system.

New Packages:
aarch64:
    curl-7.61.1-12.amzn2.0.1.aarch64
    libcurl-7.61.1-12.amzn2.0.1.aarch64
    libcurl-devel-7.61.1-12.amzn2.0.1.aarch64
    curl-debuginfo-7.61.1-12.amzn2.0.1.aarch64

i686:
    curl-7.61.1-12.amzn2.0.1.i686
    libcurl-7.61.1-12.amzn2.0.1.i686
    libcurl-devel-7.61.1-12.amzn2.0.1.i686
    curl-debuginfo-7.61.1-12.amzn2.0.1.i686

src:
    curl-7.61.1-12.amzn2.0.1.src

x86_64:
    curl-7.61.1-12.amzn2.0.1.x86_64
    libcurl-7.61.1-12.amzn2.0.1.x86_64
    libcurl-devel-7.61.1-12.amzn2.0.1.x86_64
    curl-debuginfo-7.61.1-12.amzn2.0.1.x86_64