Message-Id: <E1UsAzZ-0002YA-2j@titan.mandriva.com>
Date: Thu, 27 Jun 2013 14:08:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:180 ] curl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:180
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : curl
Date : June 27, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in curl:
libcurl is vulnerable to a case of bad checking of the input data
which may lead to heap corruption. The function curl_easy_unescape()
decodes URL-encoded strings to raw binary data. URL-encoded octets are
represented with %HH combinations where HH is a two-digit hexadecimal
number. The decoded string is written to an allocated memory area
that the function returns to the caller (CVE-2013-2174).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
http://curl.haxx.se/docs/adv_20130622.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
b67f07d5bfef732e46c73127186a4bc3 mes5/i586/curl-7.19.0-2.7mdvmes5.2.i586.rpm
6a067acb5315f6bd23307fda4da508ad mes5/i586/curl-examples-7.19.0-2.7mdvmes5.2.i586.rpm
a7c6c2f0a0cd1060b8a7a1ebc58fabaa mes5/i586/libcurl4-7.19.0-2.7mdvmes5.2.i586.rpm
69558e117e489d890a0c316ee65f5af5 mes5/i586/libcurl-devel-7.19.0-2.7mdvmes5.2.i586.rpm
f9d1dffcfdfba6f5bf562367c855cdbd mes5/SRPMS/curl-7.19.0-2.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
84136245be8d68485b44098b13978e2b mes5/x86_64/curl-7.19.0-2.7mdvmes5.2.x86_64.rpm
0ad99a19f59cc109d3d54690360e3e14 mes5/x86_64/curl-examples-7.19.0-2.7mdvmes5.2.x86_64.rpm
10b8613b86eee782dc3cf3b2c636054a mes5/x86_64/lib64curl4-7.19.0-2.7mdvmes5.2.x86_64.rpm
5ce1e7e7564ed6f4d54cb9aba9a0c25c mes5/x86_64/lib64curl-devel-7.19.0-2.7mdvmes5.2.x86_64.rpm
f9d1dffcfdfba6f5bf562367c855cdbd mes5/SRPMS/curl-7.19.0-2.7mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
a058a7d1693791161fb8df94484242a3 mbs1/x86_64/curl-7.24.0-2.2.mbs1.x86_64.rpm
e5a95ff0b6e939678e03899d93b3bf4c mbs1/x86_64/curl-examples-7.24.0-2.2.mbs1.x86_64.rpm
44eef308df01e82fb67ef420cef9a52d mbs1/x86_64/lib64curl4-7.24.0-2.2.mbs1.x86_64.rpm
6f1e301a381d5ffc7cf8380918ab34ee mbs1/x86_64/lib64curl-devel-7.24.0-2.2.mbs1.x86_64.rpm
d51e83363cf2bf8586137e2ec60c4f96 mbs1/SRPMS/curl-7.24.0-2.2.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRy/9rmqjQ0CJFipgRAoECAJ91OymO0S93QW+5QBG4UkmauzlJjwCgqBTJ
68iHiQwidCQQHiHxidA3BTs=
=oJLi
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/