Synopsis: Moderate: curl and nss-pem security and bug fix update Advisory ID: SLSA-2018:3157-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301 -- Security Fix(es): * curl: HTTP authentication leak in redirects (CVE-2018-1000007) * curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) * curl: RTSP RTP buffer over-read (CVE-2018-1000122) * curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service (CVE-2018-1000301) * curl: LDAP NULL pointer dereference (CVE-2018-1000121) -- SL7 x86_64 curl-7.29.0-51.el7.x86_64.rpm curl-debuginfo-7.29.0-51.el7.i686.rpm curl-debuginfo-7.29.0-51.el7.x86_64.rpm libcurl-7.29.0-51.el7.i686.rpm libcurl-7.29.0-51.el7.x86_64.rpm nss-pem-1.0.3-5.el7.i686.rpm nss-pem-1.0.3-5.el7.x86_64.rpm nss-pem-debuginfo-1.0.3-5.el7.i686.rpm nss-pem-debuginfo-1.0.3-5.el7.x86_64.rpm libcurl-devel-7.29.0-51.el7.i686.rpm libcurl-devel-7.29.0-51.el7.x86_64.rpm - Scientific Linux Development Team