2GB password?
Wednesday, 2018/Sep/05 16:14
Subject: [SECURITY] [DSA 4286-1] curl security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4286-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
September 05, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2018-14618
Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32bit systems.
See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Who comes up with ideas like feeding 2GB into the "password" prompt?
(If you did have a 2gb password, what are the odds you could enter it correctly? ☺)
[This entry was originally posted as https://syntonic-comma.dreamwidth.org/1015123.html on Dreamwidth (where there are
comments).]
Subject: [SECURITY] [DSA 4286-1] curl security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4286-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
September 05, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2018-14618
Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32bit systems.
See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Who comes up with ideas like feeding 2GB into the "password" prompt?
(If you did have a 2gb password, what are the odds you could enter it correctly? ☺)
[This entry was originally posted as https://syntonic-comma.dreamwidth.org/1015123.html on Dreamwidth (where there are
comments).]