Amazon Linux 1 Security Advisory: ALAS-2019-1294
Advisory Release Date: 2019-09-30 20:56 Pacific
Advisory Updated Date: 2019-10-02 23:02 Pacific
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481)
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
i686:
curl-7.61.1-12.93.amzn1.i686
curl-debuginfo-7.61.1-12.93.amzn1.i686
libcurl-7.61.1-12.93.amzn1.i686
libcurl-devel-7.61.1-12.93.amzn1.i686
src:
curl-7.61.1-12.93.amzn1.src
x86_64:
libcurl-devel-7.61.1-12.93.amzn1.x86_64
curl-debuginfo-7.61.1-12.93.amzn1.x86_64
curl-7.61.1-12.93.amzn1.x86_64
libcurl-7.61.1-12.93.amzn1.x86_64