• info
• discussion
• exploit
• solution
• references

cURL/libcURL CURLOPT_ENCODING Option Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.


Daniel Stenberg curl 7.16.3

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Debian Linux 5.0 alpha

• Debian curl_7.18.2-8lenny4_alpha.deb
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny 4_alpha.deb


• Debian libcurl3-dbg_7.18.2-8lenny4_alpha.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18. 2-8lenny4_alpha.deb


• Debian libcurl3-gnutls_7.18.2-8lenny4_alpha.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7. 18.2-8lenny4_alpha.deb


• Debian libcurl3_7.18.2-8lenny4_alpha.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8l enny4_alpha.deb


• Debian libcurl4-gnutls-dev_7.18.2-8lenny4_alpha.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-de v_7.18.2-8lenny4_alpha.deb


• Debian libcurl4-openssl-dev_7.18.2-8lenny4_alpha.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-d ev_7.18.2-8lenny4_alpha.deb

Mandriva Linux Mandrake 2008.0

• Mandriva curl-7.16.4-2.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcurl-devel-7.16.4-2.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcurl4-7.16.4-2.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 armel

• Debian curl_7.18.2-8lenny4_armel.deb
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny 4_armel.deb


• Debian libcurl3-dbg_7.18.2-8lenny4_armel.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18. 2-8lenny4_armel.deb


• Debian libcurl3-gnutls_7.18.2-8lenny4_armel.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7. 18.2-8lenny4_armel.deb


• Debian libcurl3_7.18.2-8lenny4_armel.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8l enny4_armel.deb


• Debian libcurl4-gnutls-dev_7.18.2-8lenny4_armel.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-de v_7.18.2-8lenny4_armel.deb


• Debian libcurl4-openssl-dev_7.18.2-8lenny4_armel.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-d ev_7.18.2-8lenny4_armel.deb

Apple Mac OS X 10.6

• Apple MacOSXUpdCombo10.6.4.dmg
  http://www.apple.com/support/downloads/

Mandriva Linux Mandrake 2009.0 x86_64

• Mandriva curl-7.19.0-2.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva curl-examples-7.19.0-2.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64curl-devel-7.19.0-2.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64curl4-7.19.0-2.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 sparc

• Debian curl_7.18.2-8lenny4_sparc.deb
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny 4_sparc.deb


• Debian libcurl3-dbg_7.18.2-8lenny4_sparc.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18. 2-8lenny4_sparc.deb


• Debian libcurl3-gnutls_7.18.2-8lenny4_sparc.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7. 18.2-8lenny4_sparc.deb


• Debian libcurl3_7.18.2-8lenny4_sparc.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8l enny4_sparc.deb


• Debian libcurl4-gnutls-dev_7.18.2-8lenny4_sparc.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-de v_7.18.2-8lenny4_sparc.deb


• Debian libcurl4-openssl-dev_7.18.2-8lenny4_sparc.deb
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-d ev_7.18.2-8lenny4_sparc.deb

Mandriva Linux Mandrake 2009.1 x86_64

• Mandriva curl-7.19.4-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva curl-examples-7.19.4-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64curl-devel-7.19.4-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64curl4-7.19.4-1.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Enterprise Server 5

• Mandriva curl-7.19.0-2.4mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva curl-examples-7.19.0-2.4mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcurl-devel-7.19.0-2.4mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcurl4-7.19.0-2.4mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X 10.6.1

• Apple MacOSXUpdCombo10.6.4.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.3

• Apple MacOSXUpd10.6.4.dmg
  http://www.apple.com/support/downloads/

Daniel Stenberg curl 7.1

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.10

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.10.1

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.10.3

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.10.7

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.10.8

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.11.2

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.13.1

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.14

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.15

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.17

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.2

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.4.2

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.5

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.5.1

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.7.1

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.8.2

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.9.3

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch

Daniel Stenberg curl 7.9.7

• Daniel Stenberg libcurl-contentencoding.patch
  http://curl.haxx.se/libcurl-contentencoding.patch