[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1D7KC3-0008KC-DB@updates.mandrakesoft.com>
Date: Fri, 04 Mar 2005 14:18:43 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:048 - Updated curl packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: curl
Advisory ID: MDKSA-2005:048
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________
Problem Description:
"infamous41md" discovered a buffer overflow vulnerability in
libcurl's NTLM authorization base64 decoding. This could allow a
remote attacker using a prepared remote server to execute arbitrary
code as the user running curl.
The updated packages are patched to deal with these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
5e359e1440af3150fff501af3337f8f6 10.0/RPMS/curl-7.11.0-2.1.100mdk.i586.rpm
ed2893b0a0cd269175cc8e27c2d04a06 10.0/RPMS/libcurl2-7.11.0-2.1.100mdk.i586.rpm
34d0da12d64d6f27d17fb0dd46676870 10.0/RPMS/libcurl2-devel-7.11.0-2.1.100mdk.i586.rpm
53b2ac18baa15810a7f0321d24bbdea8 10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
0386f15dd07dffdafcc74c8957a4dc00 amd64/10.0/RPMS/curl-7.11.0-2.1.100mdk.amd64.rpm
cb3ac9ad77a6e68e9f6d7bcdb8776bee amd64/10.0/RPMS/lib64curl2-7.11.0-2.1.100mdk.amd64.rpm
b5118a34cf3436c68ba3c0081a2681af amd64/10.0/RPMS/lib64curl2-devel-7.11.0-2.1.100mdk.amd64.rpm
53b2ac18baa15810a7f0321d24bbdea8 amd64/10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm
Mandrakelinux 10.1:
a9a5c3b2af793fbfdc4f897a01788f27 10.1/RPMS/curl-7.12.1-1.1.101mdk.i586.rpm
caad27287f1db33094ac2171e6cfa860 10.1/RPMS/libcurl3-7.12.1-1.1.101mdk.i586.rpm
61bea15f364b11ba85ee708b48f8fe6a 10.1/RPMS/libcurl3-devel-7.12.1-1.1.101mdk.i586.rpm
e140c850303eb14c12b318538f2266ce 10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
9cc7757d89a688c3464f1f95a260d0eb x86_64/10.1/RPMS/curl-7.12.1-1.1.101mdk.x86_64.rpm
37ad8e8e677c36655b36be00d0243201 x86_64/10.1/RPMS/lib64curl3-7.12.1-1.1.101mdk.x86_64.rpm
1328bfd561b123d7c49fc68345910c24 x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.1.101mdk.x86_64.rpm
e140c850303eb14c12b318538f2266ce x86_64/10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm
Corporate 3.0:
f99dfd0c67f16bbe2e57869c3c3ca7ea corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.i586.rpm
07547b2c4a4dc7051db43fd968af591d corporate/3.0/RPMS/libcurl2-7.11.0-2.1.C30mdk.i586.rpm
695e859f8cc2ec503188722b606854d4 corporate/3.0/RPMS/libcurl2-devel-7.11.0-2.1.C30mdk.i586.rpm
8766893d25c2fccefa90d32f9da6500e corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
7ed8e6b6e1611c97c02b357482694a3c x86_64/corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.x86_64.rpm
ff8bd600e1229333e14d25f9323a462d x86_64/corporate/3.0/RPMS/lib64curl2-7.11.0-2.1.C30mdk.x86_64.rpm
4c01c4a92bfeca71b818b723fd4752f4 x86_64/corporate/3.0/RPMS/lib64curl2-devel-7.11.0-2.1.C30mdk.x86_64.rpm
8766893d25c2fccefa90d32f9da6500e x86_64/corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCKNCzmqjQ0CJFipgRAt78AJsFipRsaya7hvNRZJuqqzzfHfuTmACcCk3C
W4mpZ0eoGSJzmPqDh+b9YfE=
=OWdi
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists