stable

FEDORA-2018-7f83032de6 created by kdudka 3 years ago for Fedora 29
  • fix NTLM password overflow via integer overflow (CVE-2018-14618)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-7f83032de6

This update has been submitted for testing by kdudka.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon lnie commented & provided feedback 3 years ago
karma

test some basic functions,works as usual

User Icon dmach commented & provided feedback 3 years ago
karma

There's a performance regression that makes DNF unit tests run very slowly (from 2 seconds to about 20 seconds).

reproducer: git clone https://github.com/rpm-software-management/dnf.git cd dnf cmake . python3 -m nose tests -v

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

3 years ago
User Icon kdudka commented & provided feedback 3 years ago

@dmach Thanks for feedback! I have opened an issue upstream to clarify whether this is a bug of librepo or a bug of libcurl (or just unintended backward incompatibilty): https://github.com/curl/curl/issues/2948

User Icon kdudka commented & provided feedback 3 years ago

curl upstream says that the current behavior is correct and intended. The code of librepo needs to be fixed:

https://github.com/rpm-software-management/librepo/pull/134

User Icon pnemade commented & provided feedback 3 years ago
karma

yes basic functions worked fine

User Icon pwalter commented & provided feedback 3 years ago
karma

Works

User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me

User Icon bowlofeggs commented & provided feedback 3 years ago
karma

I tested this on my web server and it seems to work.

User Icon kdudka commented & provided feedback 3 years ago

Thank you for testing the update!

This update has been submitted for batched by kdudka.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1625563 CVE-2018-14618 curl: NTLM password overflow via integer overflow [fedora-all]
0
0

Automated Test Results