
Issue 789479

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: 2017-12-04
OS: Chrome
Pri: 1
Type: Bug-Security




Security: Multiple vulnerabilities in libcurl

Project Member Reported by mnissler@chromium.org, Nov 29 2017

Issue description

Curl 7.57 contains fixes for multiple security vulnerabilities:

CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

See

https://curl.haxx.se/docs/adv_2017-11e7.html
https://curl.haxx.se/docs/adv_2017-ae72.html
https://curl.haxx.se/docs/adv_2017-af0a.html

The NTLM one and FTP one are most likely unreachable in our curl usage. I believe the SSL one will be hard to exploit (no control over requested buffer size AFAIU). Potential to trigger these remotely though, so setting Medium severity and we should upgrade. Targeting M-63 which is imminent to become stable (will hopefully catch a refresh).

I'll give it a few days for the version bump to appear in portage upstream.
 
Project Member

Comment 1 by sheriffbot@chromium.org, Nov 29 2017

Labels: -Pri-2 Pri-1
Components: OS>Packages
The NextAction date has arrived: 2017-12-04
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 5 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/41583aa6c4a450ead8fa5c05dcca4704569d194f

commit 41583aa6c4a450ead8fa5c05dcca4704569d194f
Author: Mattias Nissler <mnissler@chromium.org>
Date: Tue Dec 05 14:24:59 2017

net-misc/curl: Uprev to 7.57.0 from upstream

BUG= chromium:789479 
TEST=Compiles and passes tests.

Change-Id: Icf6806a169b9dd34b404b950b0232dd58e5211e7
Reviewed-on: https://chromium-review.googlesource.com/806218
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[rename] https://crrev.com/41583aa6c4a450ead8fa5c05dcca4704569d194f/net-misc/curl/curl-7.57.0.ebuild
[modify] https://crrev.com/41583aa6c4a450ead8fa5c05dcca4704569d194f/net-misc/curl/Manifest

Status: Fixed (was: Assigned)
Project Member

Comment 6 by sheriffbot@chromium.org, Dec 6 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 7 by vapier@chromium.org, Dec 16 2017

Issue 795531 has been merged into this issue.
Cc: ssmadan@chromium.org
Project Member

Comment 9 by sheriffbot@chromium.org, Mar 14 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 10 by sheriffbot@chromium.org, Mar 27 2018

Labels: -M-63 M-65
