ALAS-2019-1294


Amazon Linux 1 Security Advisory: ALAS-2019-1294
Advisory Release Date: 2019-09-30 20:56 Pacific
Advisory Updated Date: 2019-10-02 23:02 Pacific
Severity: Medium

Issue Overview:

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. (CVE-2019-5481)


Affected Packages:

curl


Issue Correction:
Run yum update curl to update your system.

New Packages:
i686:
    curl-7.61.1-12.93.amzn1.i686
    curl-debuginfo-7.61.1-12.93.amzn1.i686
    libcurl-7.61.1-12.93.amzn1.i686
    libcurl-devel-7.61.1-12.93.amzn1.i686

src:
    curl-7.61.1-12.93.amzn1.src

x86_64:
    libcurl-devel-7.61.1-12.93.amzn1.x86_64
    curl-debuginfo-7.61.1-12.93.amzn1.x86_64
    curl-7.61.1-12.93.amzn1.x86_64
    libcurl-7.61.1-12.93.amzn1.x86_64