CVE-2017-1000257 Red Hat Update for curl (RHSA-2017:3263)

漏洞类别:RedHat

漏洞等级:

漏洞信息

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)
Affected Products
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server – Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux Server – AUS 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.4 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.4 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server – TUS 7.4 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) – 4 Year Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server – 4 Year Extended Update Support 7.4 x86_64

漏洞危害

An attacker could exploit this flaw to potentially cause information disclosure or crash the application.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:3263 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:3263: Red Hat Enterprise Linux

Leave a Reply