Details of VAR-201809-0686

ID

VAR-201809-0686

CVE

CVE-2018-14618

TITLE

curl Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013634

DESCRIPTION

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.). curl Contains an integer overflow vulnerability. This vulnerability CVE-2017-8816 It is a similar problem.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. cURL/libcURL version 7.15.4 through 7.61.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Background ========== A command line tool and library for transferring data with URLs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.64.0 >= 7.64.0 Description =========== Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact ====== Remote attackers could cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0" References ========== [ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3765-2 September 17, 2018 curl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: curl could be made to run arbitrary code if it received a specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl incorrectly handled certain inputs. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.23 libcurl3 7.22.0-3ubuntu4.23 libcurl3-gnutls 7.22.0-3ubuntu4.23 libcurl3-nss 7.22.0-3ubuntu4.23 In general, a standard system update will make all the necessary changes. 7) - aarch64, ppc64le, s390x 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: NTLM password overflow via integer overflow (CVE-2018-14618) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * baseurl with file:// hangs and then timeout in yum repo (BZ#1709474) * curl crashes on http links with rate-limit (BZ#1711914) 4. See https://curl.haxx.se/docs/CVE-2018-14618.html for more information. For the stable distribution (stretch), this problem has been fixed in version 7.52.1-5+deb9u7. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAluQNvMACgkQbwzL4CFi RygTog//QTj+fBPm49RW3szmgcyGwkh/kccOPSlTeuafg7mAX9pJRIqIE3AE1dNN UJMYe09qYpN/mR2kewpeu8LOYBoJnjhBcrCtXv1Tz2RgLTbROqfAiOPGLkSSFM8O Loor2LDpbcLIMPqYiYHmcEsTE+BJVmZ0rsyG77GaMoDP0juFfj1LM17JnQLSITVB yggSYdfNkmJI91g08KdVEHkvxxHw1qR98zF8Ft0Z+vg6is11As1LF8O0UH9XYQym 7PWhRdO3hwYcsFqc+c/HEdM9cPxKMFHX1KCfGcW4VElmL2GSyBTWUvkoH9s2NvZF IiRR5xJz8Z8Exdj/mWHGCn10ZT2QWvYljZpqCdXw4c5mxTnmCBIGJswq8Ds23iG+ xsI8l4RJfpIpku7gERgJX0jKmFWh4rmIdRwK50C39MCC1NgKDbH8NglKF6LzNBnz QK7jDg/cKjZ0N2nMKXQUWPrzyE6WrbdwJy5V1yAPT7wGBlvC3NPOBxBkARxlEAv9 Qw0eZiPBSUNc+FGBEsTEH2PWcGwBN7FXHgzJ2JpUpIRB6pxYnI16gwJEgz2VLKLb xJ//HtoJsm0wAiDtq9AvEkQANVDHb/p9+BYrJw+NMRTuUaJKVBKeuowFEm4aAJP5 Z84D9LjdILwEXoBkxgMwrzNuyuaryFq10XaazC/uUitn5guRtrY=mPG5 -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.61.1-i586-1_slack14.2.txz: Upgraded. For more information, see: https://curl.haxx.se/docs/CVE-2018-14618.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.61.1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.61.1-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.61.1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.61.1-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.61.1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.61.1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.61.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.61.1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: d6493074efefb47021747a0f525a3875 curl-7.61.1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 9d5fb07395d570c7af54d306dff25e0d curl-7.61.1-x86_64-1_slack14.0.txz Slackware 14.1 package: fff7b1f0df80b7b8386e6b1b58fadaec curl-7.61.1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: fe69bb3baaf679dec8bd3abea3c6ef02 curl-7.61.1-x86_64-1_slack14.1.txz Slackware 14.2 package: e130826573cd1cf9b5d769690ff91811 curl-7.61.1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 161e1f2949b0285484de8aa16953c5e7 curl-7.61.1-x86_64-1_slack14.2.txz Slackware -current package: 7135b216f6e989b0ae3e6123f6a07083 n/curl-7.61.1-i586-1.txz Slackware x86_64 -current package: b96ce6cdc7ae46e5979563f8f939fcfd n/curl-7.61.1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-7.61.1-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24 security, bug fix, and enhancement update Advisory ID: RHSA-2018:3558-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3558 Issue date: 2018-11-13 CVE Names: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2017-7407 CVE-2017-8816 CVE-2017-8817 CVE-2017-15710 CVE-2017-15715 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 CVE-2018-1333 CVE-2018-11763 CVE-2018-14618 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301 ===================================================================== 1. Summary: An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928) Security Fix(es): * httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283) * httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303) * httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333) * httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763) * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710) * httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715) * httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301) * httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) * curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121. Bug Fix(es): * Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737) Enhancement(s): * This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7. (BZ#1640722) Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1362199 - CVE-2016-5421 curl: Use of connection struct after free 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1375906 - CVE-2016-7167 curl: escape and unescape integer overflows 1388370 - CVE-2016-8615 curl: Cookie injection for other servers 1388371 - CVE-2016-8616 curl: Case insensitive password comparison 1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication 1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf 1388379 - CVE-2016-8619 curl: Double-free in krb5 code 1388382 - CVE-2016-8620 curl: Glob parser write/read out of bounds 1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read 1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation 1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies 1388390 - CVE-2016-8624 curl: Invalid URL parsing with '#' 1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host 1406712 - CVE-2016-9586 curl: printf floating point buffer overflow 1439190 - CVE-2017-7407 curl: --write-out out of bounds read 1478309 - CVE-2017-1000101 curl: URL globbing out of bounds read 1478310 - CVE-2017-1000100 curl: TFTP sends more than buffer size 1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read 1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read 1515757 - CVE-2017-8816 curl: NTLM buffer overflow via integer overflow 1515760 - CVE-2017-8817 curl: FTP wildcard out of bounds read 1518737 - HTTP/2 connections hang and timeout 1537125 - CVE-2018-1000007 curl: HTTP authentication leak in redirects 1540167 - provides without httpd24 pre/in-fix 1552628 - CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write 1552631 - CVE-2018-1000121 curl: LDAP NULL pointer dereference 1553398 - CVE-2018-1000122 curl: RTSP RTP buffer over-read 1558450 - Not able to use SSLOpenSSLConfCmd with httpd24-httpd-2.4.27. 1560395 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications 1560399 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS 1560599 - CVE-2017-15710 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values 1560614 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name 1560634 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest 1560643 - CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request 1575536 - CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service 1605048 - CVE-2018-1333 httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS 1622707 - CVE-2018-14618 curl: NTLM password overflow via integer overflow 1628389 - Make OCSP more configurable (like CRL) 1633260 - mod_session missing apr-util-openssl 1633399 - CVE-2018-11763 httpd: DoS for HTTP/2 connections by continuous SETTINGS frames 1634830 - FTBFS: httpd24-httpd 1640722 - mod_md is missing in httpd24-httpd 1646937 - Unable to start httpd 1648928 - Rebase curl to the latest version 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-curl-7.61.1-1.el6.src.rpm httpd24-httpd-2.4.34-7.el6.src.rpm httpd24-nghttp2-1.7.1-7.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm x86_64: httpd24-curl-7.61.1-1.el6.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm httpd24-httpd-2.4.34-7.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm httpd24-libcurl-7.61.1-1.el6.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm httpd24-mod_session-2.4.34-7.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-curl-7.61.1-1.el6.src.rpm httpd24-httpd-2.4.34-7.el6.src.rpm httpd24-nghttp2-1.7.1-7.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm x86_64: httpd24-curl-7.61.1-1.el6.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm httpd24-httpd-2.4.34-7.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm httpd24-libcurl-7.61.1-1.el6.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm httpd24-mod_session-2.4.34-7.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm aarch64: httpd24-curl-7.61.1-1.el7.aarch64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm httpd24-httpd-2.4.34-7.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm httpd24-libcurl-7.61.1-1.el7.aarch64.rpm httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm httpd24-mod_md-2.4.34-7.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm httpd24-mod_session-2.4.34-7.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm aarch64: httpd24-curl-7.61.1-1.el7.aarch64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm httpd24-httpd-2.4.34-7.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm httpd24-libcurl-7.61.1-1.el7.aarch64.rpm httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm httpd24-mod_md-2.4.34-7.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm httpd24-mod_session-2.4.34-7.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-5421 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/cve/CVE-2016-7167 https://access.redhat.com/security/cve/CVE-2016-8615 https://access.redhat.com/security/cve/CVE-2016-8616 https://access.redhat.com/security/cve/CVE-2016-8617 https://access.redhat.com/security/cve/CVE-2016-8618 https://access.redhat.com/security/cve/CVE-2016-8619 https://access.redhat.com/security/cve/CVE-2016-8620 https://access.redhat.com/security/cve/CVE-2016-8621 https://access.redhat.com/security/cve/CVE-2016-8622 https://access.redhat.com/security/cve/CVE-2016-8623 https://access.redhat.com/security/cve/CVE-2016-8624 https://access.redhat.com/security/cve/CVE-2016-8625 https://access.redhat.com/security/cve/CVE-2016-9586 https://access.redhat.com/security/cve/CVE-2017-7407 https://access.redhat.com/security/cve/CVE-2017-8816 https://access.redhat.com/security/cve/CVE-2017-8817 https://access.redhat.com/security/cve/CVE-2017-15710 https://access.redhat.com/security/cve/CVE-2017-15715 https://access.redhat.com/security/cve/CVE-2017-1000100 https://access.redhat.com/security/cve/CVE-2017-1000101 https://access.redhat.com/security/cve/CVE-2017-1000254 https://access.redhat.com/security/cve/CVE-2017-1000257 https://access.redhat.com/security/cve/CVE-2018-1283 https://access.redhat.com/security/cve/CVE-2018-1301 https://access.redhat.com/security/cve/CVE-2018-1303 https://access.redhat.com/security/cve/CVE-2018-1312 https://access.redhat.com/security/cve/CVE-2018-1333 https://access.redhat.com/security/cve/CVE-2018-11763 https://access.redhat.com/security/cve/CVE-2018-14618 https://access.redhat.com/security/cve/CVE-2018-1000007 https://access.redhat.com/security/cve/CVE-2018-1000120 https://access.redhat.com/security/cve/CVE-2018-1000121 https://access.redhat.com/security/cve/CVE-2018-1000122 https://access.redhat.com/security/cve/CVE-2018-1000301 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-RHSCL-Changes-httpd 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW+qMytzjgjWX9erEAQgLzQ//V6p0MJlmHHuvBRYszVGnu43cqKkSzERl vPJnEBEdzaU1+hxnBpN+PwWRp+X0j7EIgEnc3yBMSqnKnZUXhbW+2AlWKFSu96i1 WcDdaxtFkD8opjERjN+ckuOnk2Eh24eWAYoDIn0WqTR7seOdvdXsURROOyvugwXP ulGH+RQhwyxBYvYKp1RmX+REgKfW99wMxpd7B4depYhsI5ZkTzhyTbnp2E+v/XpY r8NqBJEV0C69sHrddBjvDMl+M0vwPw0X1YWEGsP20tZ3nqGPCVlCegQ+WCUU36HH 1Asxa1s2/50vlY5Aa79iJuAlotw/qy4Cxvm98A33ImBvI1WMfoRXmmkOYcOsTP3o 38fkPK4XuDiimWj+ODq29WsqvjJTZgCD32lw7MgjeyH+0u4aMYnImRtC7tG2ykRU ETXqLCnQ1I1We2ar3vI9xYLJ+wmc/Iy479eDWziiQztO2RusHxXTStt2n5XEGg1Z ylahAIyX989zJ3UcSs2h8dbMqjFzHZtie6xEtgFH8fsaPr36HjvKrTzj9rIN2xgt D1EcxjUVJRp536TzS5ULmAQSAfURruq6xTyuxI9+nDNfFXJbKI5IxIR1W6jkVIMD N1asv6UUHNzFmJgnmd94AlqDK2iCdoZBwmosk6ICcBmJVrWPMXjBDGNS3GtbKOdj RkKELMK+M5A= =7w7/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.61

sources: NVD: CVE-2018-14618 // JVNDB: JVNDB-2018-013634 // BID: 107835 // VULMON: CVE-2018-14618 // PACKETSTORM: 152034 // PACKETSTORM: 149396 // PACKETSTORM: 149395 // PACKETSTORM: 153792 // PACKETSTORM: 149247 // PACKETSTORM: 149249 // PACKETSTORM: 150307

AFFECTED PRODUCTS

vendor:	haxx	model:	libcurl	scope:	lt	version:	7.61.1	Trust: 1.8
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	18.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux esm	scope:	eq	version:	12.04	Trust: 0.3
vendor:	siemens	model:	sinema remote connect client	scope:	eq	version:	1.0	Trust: 0.3
vendor:	redhat	model:	software collections for rhel workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	software collections for rhel workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	170	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	17.6	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	17.5	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	17.4	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	16	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.61	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.60	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.59	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.58	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.57	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.56.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.56	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.55.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.54.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.54	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.53.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.53	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.52	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.51	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.50	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.47	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.46	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.43	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.42.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.36	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.34	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.33	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.32	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.31	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.30	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.25	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.23	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.22	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.20	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.6	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.4	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.18.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.18	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.17	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.4	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.15.5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.55.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.52.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.49.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.48.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.42.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.41.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.40.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.39	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.38.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.37.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.37.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.35.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.29.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.28.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.28.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.27.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.26.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.24.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.23.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.7	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.6	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.5	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.4	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.21.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.20.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.7	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.19.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.18.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.17.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.3	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.2	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.1	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.16.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	eq	version:	7.15.4	Trust: 0.3
vendor:	siemens	model:	sinema remote connect client hf1	scope:	ne	version:	2.0	Trust: 0.3
vendor:	haxx	model:	libcurl	scope:	ne	version:	7.61.1	Trust: 0.3

sources: BID: 107835 // JVNDB: JVNDB-2018-013634 // NVD: CVE-2018-14618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14618
value:	CRITICAL
Trust: 1.0
secalert@redhat.com:	CVE-2018-14618
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-14618
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201809-215
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2018-14618
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-14618
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2018-14618
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
secalert@redhat.com:	CVE-2018-14618
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULMON: CVE-2018-14618 // JVNDB: JVNDB-2018-013634 // CNNVD: CNNVD-201809-215 // NVD: CVE-2018-14618 // NVD: CVE-2018-14618

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.8
problemtype:	CWE-131	Trust: 1.0
problemtype:	CWE-122	Trust: 1.0

sources: JVNDB: JVNDB-2018-013634 // NVD: CVE-2018-14618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-215

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013634

PATCH

title:	DSA-4286	url:	https://www.debian.org/security/2018/dsa-4286	Trust: 0.8
title:	Bug 1622707	url:	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618	Trust: 0.8
title:	RHSA-2018:3558	url:	https://access.redhat.com/errata/RHSA-2018:3558	Trust: 0.8
title:	NTLM password overflow via integer overflow	url:	https://curl.haxx.se/docs/CVE-2018-14618.html	Trust: 0.8
title:	USN-3765-1	url:	https://usn.ubuntu.com/3765-1/	Trust: 0.8
title:	USN-3765-2	url:	https://usn.ubuntu.com/3765-2/	Trust: 0.8
title:	Haxx curl Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84547	Trust: 0.6
title:	Red Hat: Low: curl security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191880 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: curl vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3765-1	Trust: 0.1
title:	Ubuntu Security Notice: curl vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3765-2	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1112	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1112	Trust: 0.1
title:	Red Hat: CVE-2018-14618	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-14618	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=a1829bb84184b37e71ea49829931b07f	Trust: 0.1
title:	Debian CVElist Bug Report Logs: curl: CVE-2018-14618: NTLM password overflow via integer overflow	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=bcc124abe94afd85dbaa24ccf7746c39	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7531c7915b1d94fd00f2e04e9f32c65b	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1135	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1135	Trust: 0.1
title:	IBM: IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage – GlusterFS and Minio	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7fea8e095b9e5b4078d6992b0167a6bc	Trust: 0.1
title:	IBM: IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=07514a487c5c08ab5176c6cdf0fd6ac5	Trust: 0.1
title:	IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-0732, CVE-2018-0737, CVE-2018-14618, CVE-2018-1000301)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=443b53fd5630b4348dc744a4e12c5e7e	Trust: 0.1
title:	Red Hat: Moderate: httpd24 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183558 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=8a056bd2177d12192b11798b7ac3e013	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=60de0933c28b353f38df30120aa2a908	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61	Trust: 0.1
title:	enforcer	url:	https://github.com/ibrokethecloud/enforcer	Trust: 0.1
title:	TrivyWeb	url:	https://github.com/KorayAgaya/TrivyWeb	Trust: 0.1
title:	github_aquasecurity_trivy	url:	https://github.com/back8/github_aquasecurity_trivy	Trust: 0.1
title:	Vulnerability-Scanner-for-Containers	url:	https://github.com/t31m0/Vulnerability-Scanner-for-Containers	Trust: 0.1
title:	security	url:	https://github.com/umahari/security	Trust: 0.1
title:	trivy	url:	https://github.com/siddharthraopotukuchi/trivy	Trust: 0.1
title:	trivy	url:	https://github.com/simiyo/trivy	Trust: 0.1
title:	trivy	url:	https://github.com/aquasecurity/trivy	Trust: 0.1
title:	trivy	url:	https://github.com/knqyf263/trivy	Trust: 0.1

sources: VULMON: CVE-2018-14618 // JVNDB: JVNDB-2018-013634 // CNNVD: CNNVD-201809-215

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14618	Trust: 3.5
db:	SIEMENS	id:	SSA-436177	Trust: 2.0
db:	ICS CERT	id:	ICSA-19-099-04	Trust: 1.8
db:	SECTRACK	id:	1041605	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-013634	Trust: 0.8
db:	PACKETSTORM	id:	152034	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0783	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0795	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0473	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-215	Trust: 0.6
db:	BID	id:	107835	Trust: 0.3
db:	VULMON	id:	CVE-2018-14618	Trust: 0.1
db:	PACKETSTORM	id:	149396	Trust: 0.1
db:	PACKETSTORM	id:	149395	Trust: 0.1
db:	PACKETSTORM	id:	153792	Trust: 0.1
db:	PACKETSTORM	id:	149247	Trust: 0.1
db:	PACKETSTORM	id:	149249	Trust: 0.1
db:	PACKETSTORM	id:	150307	Trust: 0.1

sources: VULMON: CVE-2018-14618 // BID: 107835 // JVNDB: JVNDB-2018-013634 // PACKETSTORM: 152034 // PACKETSTORM: 149396 // PACKETSTORM: 149395 // PACKETSTORM: 153792 // PACKETSTORM: 149247 // PACKETSTORM: 149249 // PACKETSTORM: 150307 // CNNVD: CNNVD-201809-215 // NVD: CVE-2018-14618

REFERENCES

url:	https://curl.haxx.se/docs/cve-2018-14618.html	Trust: 2.2
url:	https://usn.ubuntu.com/3765-1/	Trust: 2.1
url:	https://access.redhat.com/errata/rhsa-2018:3558	Trust: 2.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-14618	Trust: 2.0
url:	https://www.debian.org/security/2018/dsa-4286	Trust: 2.0
url:	https://usn.ubuntu.com/3765-2/	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf	Trust: 2.0
url:	https://security.gentoo.org/glsa/201903-03	Trust: 1.8
url:	http://www.securitytracker.com/id/1041605	Trust: 1.7
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0014	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14618	Trust: 1.4
url:	https://access.redhat.com/errata/rhsa-2019:1880	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14618	Trust: 0.9
url:	https://www.us-cert.gov/ics/advisories/icsa-19-099-04	Trust: 0.8
url:	http://www.ibm.com/support/docview.wss	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76910	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76998	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870676	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-affects-ibm-cloud-pak-system-cve-2018-14618/	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870936	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10791573	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1173136	Trust: 0.6
url:	https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10791553	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1143490	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75618	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2018-14618	Trust: 0.5
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-099-04	Trust: 0.4
url:	https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch	Trust: 0.3
url:	http://curl.haxx.se/	Trust: 0.3
url:	https://github.com/falconindy/curl/commit/e6c2dea7ddd2ed63a78576b176fdbd0b3f132e31	Trust: 0.3
url:	https://usn.ubuntu.com/usn/usn-3765-1	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=58865	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3822	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16840	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3823	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16839	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3765-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.9	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.17	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/curl	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1301	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8625	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000007	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-15710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-8816	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-1000254	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8617	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000120	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8616	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000301	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-15715	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-rhscl-changes-httpd	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-7407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5419	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000100	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5421	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8617	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8616	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-9586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1312	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1333	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7141	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1303	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000007	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5419	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5420	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000121	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8620	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-1000101	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-7167	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000122	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5421	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000257	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-1000257	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8622	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000101	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-8817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000254	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5420	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-7141	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8618	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-1000100	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-11763	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7167	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15715	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8623	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8618	Trust: 0.1

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201809-215

SOURCES

db:	VULMON	id:	CVE-2018-14618
db:	BID	id:	107835
db:	JVNDB	id:	JVNDB-2018-013634
db:	PACKETSTORM	id:	152034
db:	PACKETSTORM	id:	149396
db:	PACKETSTORM	id:	149395
db:	PACKETSTORM	id:	153792
db:	PACKETSTORM	id:	149247
db:	PACKETSTORM	id:	149249
db:	PACKETSTORM	id:	150307
db:	CNNVD	id:	CNNVD-201809-215
db:	NVD	id:	CVE-2018-14618

LAST UPDATE DATE

2024-11-21T22:53:45.987000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-14618	date:	2019-04-22T00:00:00
db:	BID	id:	107835	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-013634	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201809-215	date:	2021-03-10T00:00:00
db:	NVD	id:	CVE-2018-14618	date:	2019-04-22T17:48:00.643

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-14618	date:	2018-09-05T00:00:00
db:	BID	id:	107835	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-013634	date:	2019-02-27T00:00:00
db:	PACKETSTORM	id:	152034	date:	2019-03-11T18:48:31
db:	PACKETSTORM	id:	149396	date:	2018-09-17T23:44:00
db:	PACKETSTORM	id:	149395	date:	2018-09-17T23:23:00
db:	PACKETSTORM	id:	153792	date:	2019-07-29T18:57:40
db:	PACKETSTORM	id:	149247	date:	2018-09-06T14:14:48
db:	PACKETSTORM	id:	149249	date:	2018-09-06T14:15:01
db:	PACKETSTORM	id:	150307	date:	2018-11-13T18:02:16
db:	CNNVD	id:	CNNVD-201809-215	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2018-14618	date:	2018-09-05T19:29:00.420