Message-Id: <E1NsnMA-0000EH-9L@titan.mandriva.com>
Date: Sat, 20 Mar 2010 02:20:02 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:062 ] curl


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:062
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : curl
 Date    : March 19, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in curl:
 
 content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is
 enabled, does not properly restrict the amount of callback data sent
 to an application that requests automatic decompression, which might
 allow remote attackers to cause a denial of service (application
 crash) or have unspecified other impact by sending crafted compressed
 data to an application that relies on the intended data-length limit
 (CVE-2010-0734).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 3b9700f3becc35f9479762f8d8118005  2008.0/i586/curl-7.16.4-2.3mdv2008.0.i586.rpm
 58edc5e841606c3501beeddc71309a44  2008.0/i586/libcurl4-7.16.4-2.3mdv2008.0.i586.rpm
 1c5d61cb13b75182ea24e1eb91ea9022  2008.0/i586/libcurl-devel-7.16.4-2.3mdv2008.0.i586.rpm 
 91f4758aac7a219f91963ce076fb8e08  2008.0/SRPMS/curl-7.16.4-2.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 59dda0d139c914b0764a1525aedd9e2b  2008.0/x86_64/curl-7.16.4-2.3mdv2008.0.x86_64.rpm
 ce13767698748c5d509e8fd6823b16cf  2008.0/x86_64/lib64curl4-7.16.4-2.3mdv2008.0.x86_64.rpm
 3d7463fc2250204ed0b4a88c5d981901  2008.0/x86_64/lib64curl-devel-7.16.4-2.3mdv2008.0.x86_64.rpm 
 91f4758aac7a219f91963ce076fb8e08  2008.0/SRPMS/curl-7.16.4-2.3mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 8cdbd92df1a130ba9dcb2b18cc3b97a2  2009.0/i586/curl-7.19.0-2.4mdv2009.0.i586.rpm
 06be4cf361e00458ca9f6f6448bfd1aa  2009.0/i586/curl-examples-7.19.0-2.4mdv2009.0.i586.rpm
 862148fd41195d65dd7dbdcc5a1a0d3c  2009.0/i586/libcurl4-7.19.0-2.4mdv2009.0.i586.rpm
 3c32ba7af388e7351ee0cb963a803443  2009.0/i586/libcurl-devel-7.19.0-2.4mdv2009.0.i586.rpm 
 5569a1c539f8cd5639f568a46e7736e0  2009.0/SRPMS/curl-7.19.0-2.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2bc00188f2f8823f00899edfaf6f1950  2009.0/x86_64/curl-7.19.0-2.4mdv2009.0.x86_64.rpm
 c1443c8c88cf182b593c3a3c523f77b6  2009.0/x86_64/curl-examples-7.19.0-2.4mdv2009.0.x86_64.rpm
 16dc3853657e667545bc20af1e7436bb  2009.0/x86_64/lib64curl4-7.19.0-2.4mdv2009.0.x86_64.rpm
 3cad511e60155ed7ad4b1076e66e58f5  2009.0/x86_64/lib64curl-devel-7.19.0-2.4mdv2009.0.x86_64.rpm 
 5569a1c539f8cd5639f568a46e7736e0  2009.0/SRPMS/curl-7.19.0-2.4mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 15a8fde0e07a6ac7e4e09bbad25d33dd  2009.1/i586/curl-7.19.4-1.1mdv2009.1.i586.rpm
 89207880380ba85543bd13e145199b71  2009.1/i586/curl-examples-7.19.4-1.1mdv2009.1.i586.rpm
 b49e88d047d05ef28e1d1d4452a1808d  2009.1/i586/libcurl4-7.19.4-1.1mdv2009.1.i586.rpm
 80477218d684b9e43e6e8adb1f2f3e50  2009.1/i586/libcurl-devel-7.19.4-1.1mdv2009.1.i586.rpm 
 16bb01108d6dda2be2495e45c2669958  2009.1/SRPMS/curl-7.19.4-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 acce92bd77632cff44d681d4de8481ab  2009.1/x86_64/curl-7.19.4-1.1mdv2009.1.x86_64.rpm
 1517c5562a4fe98d8a09ca3e81abd4f1  2009.1/x86_64/curl-examples-7.19.4-1.1mdv2009.1.x86_64.rpm
 0946b748e6b23013cb68db4748b3e731  2009.1/x86_64/lib64curl4-7.19.4-1.1mdv2009.1.x86_64.rpm
 60566c2bbc2ea405b48830b54ec6189f  2009.1/x86_64/lib64curl-devel-7.19.4-1.1mdv2009.1.x86_64.rpm 
 16bb01108d6dda2be2495e45c2669958  2009.1/SRPMS/curl-7.19.4-1.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 ecd86c44d5f8aaff8c9c2361d9f3896b  2010.0/i586/curl-7.19.6-3.1mdv2010.0.i586.rpm
 89d8674862c81e9188758b81fa4b2121  2010.0/i586/curl-examples-7.19.6-3.1mdv2010.0.i586.rpm
 5090bbf68e7ded8ef1e67845c13f28ab  2010.0/i586/libcurl4-7.19.6-3.1mdv2010.0.i586.rpm
 e545ee4b79873bfeeccb73ec166b6536  2010.0/i586/libcurl-devel-7.19.6-3.1mdv2010.0.i586.rpm 
 cef8204400fc2780819f929e0d664ea1  2010.0/SRPMS/curl-7.19.6-3.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 02f4d1ee6459c06bc51c43ef1ae7dc7a  2010.0/x86_64/curl-7.19.6-3.1mdv2010.0.x86_64.rpm
 4417f2b6a5d0f5a8ebfbed90e524f5ac  2010.0/x86_64/curl-examples-7.19.6-3.1mdv2010.0.x86_64.rpm
 dd05912726d564c779c3c890ff537b07  2010.0/x86_64/lib64curl4-7.19.6-3.1mdv2010.0.x86_64.rpm
 10c8dc60a6c64c22a7f8dbd100955c9e  2010.0/x86_64/lib64curl-devel-7.19.6-3.1mdv2010.0.x86_64.rpm 
 cef8204400fc2780819f929e0d664ea1  2010.0/SRPMS/curl-7.19.6-3.1mdv2010.0.src.rpm

 Corporate 4.0:
 75f31c808f0fe1d04a1919a50c3950ae  corporate/4.0/i586/curl-7.14.0-2.5.20060mlcs4.i586.rpm
 8709d1eab88253ad429fbef0cf6a4af0  corporate/4.0/i586/libcurl3-7.14.0-2.5.20060mlcs4.i586.rpm
 d72194e4561e0621497dcc605e6d3fd4  corporate/4.0/i586/libcurl3-devel-7.14.0-2.5.20060mlcs4.i586.rpm 
 783cf9616effb3ca339b557f55f78f8f  corporate/4.0/SRPMS/curl-7.14.0-2.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 1e4d26e8f0b3ab500e25065f1d11e490  corporate/4.0/x86_64/curl-7.14.0-2.5.20060mlcs4.x86_64.rpm
 adcfc892f29fd43810f1f808dc51548e  corporate/4.0/x86_64/lib64curl3-7.14.0-2.5.20060mlcs4.x86_64.rpm
 f25c93fe73f19a7f4669541926e11c49  corporate/4.0/x86_64/lib64curl3-devel-7.14.0-2.5.20060mlcs4.x86_64.rpm 
 783cf9616effb3ca339b557f55f78f8f  corporate/4.0/SRPMS/curl-7.14.0-2.5.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 3f8eea4f36bee7a06c0f7c063fe920a7  mes5/i586/curl-7.19.0-2.4mdvmes5.i586.rpm
 df37df4ef6884906620769cdb4c9cea2  mes5/i586/curl-examples-7.19.0-2.4mdvmes5.i586.rpm
 026cd500cff6a23fa2b06b6b56f26bec  mes5/i586/libcurl4-7.19.0-2.4mdvmes5.i586.rpm
 0c09fece31ee0445dd0fec878484708a  mes5/i586/libcurl-devel-7.19.0-2.4mdvmes5.i586.rpm 
 d102738ff3c559952c6dc6478dee0df4  mes5/SRPMS/curl-7.19.0-2.4mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 6ba687eea8c90ed431d53368de7f5576  mes5/x86_64/curl-7.19.0-2.4mdvmes5.x86_64.rpm
 12557f186c611d636ebb8a52ccff426a  mes5/x86_64/curl-examples-7.19.0-2.4mdvmes5.x86_64.rpm
 0466c50273c7db7b723777a58f5b4587  mes5/x86_64/lib64curl4-7.19.0-2.4mdvmes5.x86_64.rpm
 e198157d07ebaaf8b1413f370b1fae2c  mes5/x86_64/lib64curl-devel-7.19.0-2.4mdvmes5.x86_64.rpm 
 d102738ff3c559952c6dc6478dee0df4  mes5/SRPMS/curl-7.19.0-2.4mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 27f87a6f0f1940d9b541c7f2e650603c  mnf/2.0/i586/curl-7.11.0-2.5.M20mdk.i586.rpm
 7d25724592e67047e35bb76b466dde5b  mnf/2.0/i586/libcurl2-7.11.0-2.5.M20mdk.i586.rpm
 c1d7e9ddaffe9a221a6ddea6e32d43ed  mnf/2.0/i586/libcurl2-devel-7.11.0-2.5.M20mdk.i586.rpm 
 ed5728fd99cef864100de142ee2039ff  mnf/2.0/SRPMS/curl-7.11.0-2.5.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLo/D0mqjQ0CJFipgRAhgEAKCQunr2q6HysglXPmluTn2QQqz7ngCcDiKX
RtR93loskahsQKDwC/Bqq7I=
=Iv6E
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
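
The flaw described above only bites an application whose write callback trusts the documented per-call size limit. The following is an added example, not code from the advisory, from Mandriva or from curl: a callback with the CURLOPT_WRITEFUNCTION signature that validates every length itself. The names `struct body`, `bounded_write_cb` and `replay` are hypothetical, the chunk sizes are constructed, and it builds without libcurl.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-transfer state; limit is the application's own cap. */
struct body { char *data; size_t len; size_t limit; };

/* Pattern the bug breaks (comment only, not compiled):
 *     char chunk[CURL_MAX_WRITE_SIZE];
 *     memcpy(chunk, ptr, size * nmemb);   // trusts the library's limit
 */

/* Same signature as a CURLOPT_WRITEFUNCTION callback. Returning a value
 * other than size * nmemb makes libcurl abort the transfer. */
size_t bounded_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct body *b = userdata;
    size_t n;
    char *grown;

    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;                       /* size * nmemb would overflow */
    n = size * nmemb;
    if (n == 0)
        return 0;                       /* nothing to store, equals n */
    if (n > b->limit - b->len)
        return 0;                       /* over the application's cap */
    grown = realloc(b->data, b->len + n);
    if (grown == NULL)
        return 0;                       /* out of memory: abort */
    memcpy(grown + b->len, ptr, n);     /* length checked above */
    b->data = grown;
    b->len += n;
    return n;
}

/* Constructed driver: delivers `times` chunks of `chunk` zero bytes the way
 * a decompressing transfer would, and returns how many bytes were stored. */
size_t replay(size_t limit, size_t chunk, int times)
{
    struct body b = { NULL, 0, limit };
    char *src = calloc(chunk ? chunk : 1, 1);
    size_t stored;
    int i;

    if (src == NULL)
        return 0;
    for (i = 0; i < times; i++)
        if (bounded_write_cb(src, 1, chunk, &b) != chunk)
            break;                      /* callback refused the chunk */
    stored = b.len;
    free(src);
    free(b.data);
    return stored;
}
```

Because the callback sizes its copy from the length it was actually given and enforces its own total cap, a chunk larger than the documented limit is either stored safely or refused, never written past a fixed buffer.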
