CVE-2017-2628 curl

Metadata

unknown
unknown
curl
CVE-2017-2628
2018-03-14 05:03
CVE-2017-2628
2018-03-12 17:35
2017-06-18 07:50
2017-04-01 19:41
2017-03-29 10:03

Description

curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
stretch curl
jessie curl
buster curl
wheezy curl
sid curl