RHSA-2020:1792-01 -- Redhat curlID: oval:org.secpod.oval:def:66798 | Date: (C)2020-11-09 (M)2023-04-06 |
Class: PATCH | Family: unix |
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: double free due to subsequent call of realloc * curl: heap buffer overflow in function tftp_receive_packet * curl: TFTP receive heap buffer overflow in tftp_receive_packet function For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the CentOS 8.2 Release Notes linked from the References section.