Chapter 3. Security Fixes

This update includes fixes for the following security related issues:

IDImpactSummary

CVE-2016-0718

Moderate

expat: Out-of-bounds heap read on crafted input causing crash

CVE-2016-7167

Low

curl: escape and unescape integer overflows

CVE-2016-8615

Moderate

curl: Cookie injection for other servers

CVE-2016-8616

Low

curl: Case insensitive password comparison

CVE-2016-8617

Moderate

curl: Out-of-bounds write via unchecked multiplication

CVE-2016-8618

Moderate

curl: Double-free in curl_maprintf

CVE-2016-8619

Moderate

curl: Double-free in krb5 code

CVE-2016-8621

Low

curl: curl_getdate out-of-bounds read

CVE-2016-8622

Low

curl: URL unescape heap overflow via integer truncation

CVE-2016-8623

Low

curl: Use-after-free via shared cookies

CVE-2016-8624

Moderate

curl: Invalid URL parsing with '#'

CVE-2016-8625

Moderate

curl: IDNA 2003 makes curl use wrong host

CVE-2016-9598

Moderate

libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)

CVE-2017-6004

Moderate

pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)

CVE-2017-7186

Moderate

pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)

CVE-2017-7244

Low

pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)

CVE-2017-7245

Low

pcre: stack-based buffer overflow write in pcre32_copy_substring

CVE-2017-7246

Low

pcre: stack-based buffer overflow write in pcre32_copy_substring

CVE-2017-1000254

Moderate

curl: FTP PWD response parser out of bounds read

CVE-2017-1000257

Moderate

curl: IMAP FETCH response out of bounds read

CVE-2018-0500

Moderate

curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP