ELA-36-1 curl security update

Integer overflow

Packagecurl
Version7.26.0-1+wheezy25+deb7u2
Related CVE CVE-2018-14618

Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32bit systems.

For Debian 7 Wheezy, these problems have been fixed in version 7.26.0-1+wheezy25+deb7u2.

We recommend that you upgrade your curl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/