BugTraq
[ MDVSA-2013:151 ] curl Apr 26 2013 09:39AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:151
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : curl
Date : April 26, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Updated curl packages fix security vulnerability:

libcurl is vulnerable to a cookie leak vulnerability when doing
requests across domains with matching tails. This vulnerability can be
used to hijack sessions in targetted attacks since registering domains
using a known domain's name as an ending is trivial (CVE-2013-1944).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
f0521b89d652d1c45bfeff5f9aea5af7 mes5/i586/curl-7.19.0-2.6mdvmes5.2.i586.rpm
daf9daaf4e61d1febab693f970fa52a8 mes5/i586/curl-examples-7.19.0-2.6mdvmes5.2.i586.rpm
077a55e5c750e32b8859174778c779db mes5/i586/libcurl4-7.19.0-2.6mdvmes5.2.i586.rpm
1c893a591659bb28d4fdf8278ce615af mes5/i586/libcurl-devel-7.19.0-2.6mdvmes5.2.i586.rpm
d5b1ced5df5a5c8fc98db99abd8bbc0b mes5/SRPMS/curl-7.19.0-2.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
cedf0d881fdb2c36a1884bc5fe0efb63 mes5/x86_64/curl-7.19.0-2.6mdvmes5.2.x86_64.rpm
21a7b7ade9a334525bbe0725ba9bfa14 mes5/x86_64/curl-examples-7.19.0-2.6mdvmes5.2.x86_64.rpm
09ef67ca7acd8b5e86ffd53dd9944b92 mes5/x86_64/lib64curl4-7.19.0-2.6mdvmes5.2.x86_64.rpm
6470a7442aa71657fa22b137c2870e73 mes5/x86_64/lib64curl-devel-7.19.0-2.6mdvmes5.2.x86_64.rpm
d5b1ced5df5a5c8fc98db99abd8bbc0b mes5/SRPMS/curl-7.19.0-2.6mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
539dc5e1ada6bac459d752af6edb47b3 mbs1/x86_64/curl-7.24.0-2.1.mbs1.x86_64.rpm
d009466416305b1b6c2a1306601df21c mbs1/x86_64/curl-examples-7.24.0-2.1.mbs1.x86_64.rpm
e5144a110a6097bcd6b33e34f5158d73 mbs1/x86_64/lib64curl4-7.24.0-2.1.mbs1.x86_64.rpm
971ceabe6e9df96a446f582d17680c97 mbs1/x86_64/lib64curl-devel-7.24.0-2.1.mbs1.x86_64.rpm
32a96e2c01d201c50372c18e1fd6204a mbs1/SRPMS/curl-7.24.0-2.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFReh9XmqjQ0CJFipgRAt7JAKDvXle3q/mbz//KGUkbHHK4r/OzngCePZZm
TLRyRSJBiJSzfOKmTVLufgc=
=arVW
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus