ELA-54-1 curl security update

buffer overflow

Related CVEs CVE-2018-16842

Brian Carpenter discovered that the logic in the curl tool to wrap error messages at 80 columns is flawed, leading to a read buffer overflow if a single word in the message is itself longer than 80 bytes.

For Debian 7 Wheezy, these problems have been fixed in version 7.26.0-1+wheezy25+deb7u3.

We recommend that you upgrade your curl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.