| Package | curl |
|---|---|
| Version | 7.26.0-1+wheezy25+deb7u3 |
| Related CVEs | CVE-2018-16842 |
Brian Carpenter discovered that the logic in the curl tool to wrap error messages at 80 columns is flawed, leading to a read buffer overflow if a single word in the message is itself longer than 80 bytes.
For Debian 7 Wheezy, these problems have been fixed in version 7.26.0-1+wheezy25+deb7u3.
We recommend that you upgrade your curl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.