Bug 665292 (CVE-2018-14618) - <net-misc/curl-7.61.1: NTLM password overflow via integer overflow (CVE-2018-14618)
Summary: <net-misc/curl-7.61.1: NTLM password overflow via integer overflow (CVE-2018-...
Status: RESOLVED FIXED
Alias: CVE-2018-14618
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
Reported: 2018-09-05 17:34 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-10 19:48 UTC
Package list:
net-misc/curl-7.61.1
Runtime testing required: ---
stable-bot: sanity-check+

Description GLSAMaker/CVETool Bot gentoo-dev 2018-09-05 17:34:23 UTC
CVE-2018-14618 (https://nvd.nist.gov/vuln/detail/CVE-2018-14618):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.


@maintainer please call for stabilization when ready. Thank you
Comment 1 Anthony Basile gentoo-dev 2018-09-05 18:46:45 UTC
curl-7.61.1.ebuild is in the tree and should be rapid stabilized.

KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 2 Rolf Eike Beer archtester 2018-09-05 19:10:24 UTC
I guess the package list would be =net-misc/curl-7.61.1 then?
Comment 3 Agostino Sarubbo gentoo-dev 2018-09-06 15:27:12 UTC
amd64 stable
Comment 4 Rolf Eike Beer archtester 2018-09-06 20:13:19 UTC
sparc done.
Comment 5 Mart Raudsepp gentoo-dev 2018-09-07 09:57:02 UTC
arm64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:14:25 UTC
hppa stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:17:34 UTC
ia64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:20:00 UTC
ppc stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:22:12 UTC
ppc64 stable
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-09 01:13:07 UTC
x86 stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-09-09 11:52:08 UTC
Done
Comment 12 Larry the Git Cow gentoo-dev 2018-09-21 16:42:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6681b26b2091f8ea5414a03bf79d1459cc197c96

commit 6681b26b2091f8ea5414a03bf79d1459cc197c96
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-09-21 16:41:27 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-09-21 16:41:27 +0000

    net-misc/curl: Security cleanup
    
    Bug: https://bugs.gentoo.org/665292
    Bug: https://bugs.gentoo.org/660894
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 net-misc/curl/Manifest              |   2 -
 net-misc/curl/curl-7.60.0-r1.ebuild | 247 ------------------------------------
 net-misc/curl/curl-7.60.0.ebuild    | 247 ------------------------------------
 net-misc/curl/curl-7.61.0.ebuild    | 247 ------------------------------------
 4 files changed, 743 deletions(-)
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2019-03-10 19:48:59 UTC
This issue was resolved and addressed in
 GLSA 201903-03 at https://security.gentoo.org/glsa/201903-03
by GLSA coordinator Aaron Bauman (b-man).