Wind River Support Network

HomeDefectsLIN6-11899
Fixed

LIN6-11899 : Security Advisory - libcurl - CVE-2016-8616

Created: Oct 31, 2016    Updated: Dec 3, 2018
Resolved Date: Nov 8, 2016
Found In Version: 6.0
Fix Version: 6.0.0.32
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

INFO
----

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2016-XXXX to this issue.

AFFECTED VERSIONS
-----------------

This flaw exists in the following curl versions.

- Affected versions: curl 7.7 to and including 7.50.3
- Not affected versions: curl < 7.7 and curl >= 7.51.0

libcurl is used by many applications, but not always advertised as such!

THE SOLUTION
------------

In version 7.51.0, these functions will deny negative string lengths from
being used.

A [patch for CVE-2016-XXXX](https://curl.haxx.se/s3c/B.patch) is
available.

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

  A - Upgrade curl and libcurl to version 7.51.0

  B - Apply the patch to your version and rebuild

Other Downloads


Live chat
Online