Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:069 ] curl

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1236387069-6173-2185

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:069

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : curl

Date : March 6, 2009

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A security vulnerability has been identified and fixed in curl, which

could allow remote HTTP servers to (1) trigger arbitrary requests to

intranet servers, (2) read or overwrite arbitrary files via a redirect

to a file: URL, or (3) execute arbitrary commands via a redirect to

an scp: URL (CVE-2009-0037).

 

The updated packages have been patched to prevent this.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

67e1fb1335abc2721ce040ce5ebffcb1 2008.0/i586/curl-7.16.4-2.1mdv2008.0.i586.rpm

605b696753bcaba3f7bca0080e454a03 2008.0/i586/libcurl4-7.16.4-2.1mdv2008.0.i586.rpm

0d765f46a89a73af026ffcd5ab0bf375 2008.0/i586/libcurl-devel-7.16.4-2.1mdv2008.0.i586.rpm

5b41fd64ace9251752278ab51c485283 2008.0/SRPMS/curl-7.16.4-2.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

cbb9fafd973426a0a572ed7c0c58a556 2008.0/x86_64/curl-7.16.4-2.1mdv2008.0.x86_64.rpm

cd427c136cf760b06ec4f8530f0c6d6d 2008.0/x86_64/lib64curl4-7.16.4-2.1mdv2008.0.x86_64.rpm

5e5fabf4303b50f68ea2ea3ca6c0819e 2008.0/x86_64/lib64curl-devel-7.16.4-2.1mdv2008.0.x86_64.rpm

5b41fd64ace9251752278ab51c485283 2008.0/SRPMS/curl-7.16.4-2.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

372d19020afefeef9d9c076fdbcfe927 2008.1/i586/curl-7.18.0-1.1mdv2008.1.i586.rpm

8bc3d07c59a1ba1da24ecfe7ecea99ba 2008.1/i586/curl-examples-7.18.0-1.1mdv2008.1.i586.rpm

691fd3f6beb73d0c273ba22dd8edcf84 2008.1/i586/libcurl4-7.18.0-1.1mdv2008.1.i586.rpm

f40887d0d032930f77486e9e41360ad6 2008.1/i586/libcurl-devel-7.18.0-1.1mdv2008.1.i586.rpm

e9648a229edfb28f7fa366c833517573 2008.1/SRPMS/curl-7.18.0-1.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

708a7b7555fc5de3fa5fe984aa2f5a62 2008.1/x86_64/curl-7.18.0-1.1mdv2008.1.x86_64.rpm

54c16d007a21e88af81907c60c3846de 2008.1/x86_64/curl-examples-7.18.0-1.1mdv2008.1.x86_64.rpm

e01f05c2973809b42dbbc86ecd42845b 2008.1/x86_64/lib64curl4-7.18.0-1.1mdv2008.1.x86_64.rpm

c09950e7fcc52961f95c2aae7a83af39 2008.1/x86_64/lib64curl-devel-7.18.0-1.1mdv2008.1.x86_64.rpm

e9648a229edfb28f7fa366c833517573 2008.1/SRPMS/curl-7.18.0-1.1mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

12514e678a4b04123f00bc422fcf9a3a 2009.0/i586/curl-7.19.0-2.2mdv2009.0.i586.rpm

4a250c02f083f2729cfe7d23c903a386 2009.0/i586/curl-examples-7.19.0-2.2mdv2009.0.i586.rpm

f6b909859eec695f753ddba2d716b5a2 2009.0/i586/libcurl4-7.19.0-2.2mdv2009.0.i586.rpm

e5a953b568c4b8ccebe66a300885747d 2009.0/i586/libcurl-devel-7.19.0-2.2mdv2009.0.i586.rpm

ebf22a3c6aa9e18847ec6c3311beb64b 2009.0/SRPMS/curl-7.19.0-2.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

e799091f80c2c44b629fc144b48effa1 2009.0/x86_64/curl-7.19.0-2.2mdv2009.0.x86_64.rpm

227315c6aefc62e9a1dd7750a3b0d81a 2009.0/x86_64/curl-examples-7.19.0-2.2mdv2009.0.x86_64.rpm

69c5335dcbe6f08fc67582bb5862ed55 2009.0/x86_64/lib64curl4-7.19.0-2.2mdv2009.0.x86_64.rpm

f01ec9b830763e5f01d799da687ec605 2009.0/x86_64/lib64curl-devel-7.19.0-2.2mdv2009.0.x86_64.rpm

ebf22a3c6aa9e18847ec6c3311beb64b 2009.0/SRPMS/curl-7.19.0-2.2mdv2009.0.src.rpm

 

Corporate 3.0:

4df533f45f46c2891c87dcc108aa05e6 corporate/3.0/i586/curl-7.11.0-2.3.C30mdk.i586.rpm

bbb9558c954aa6b881db878e3cb5e340 corporate/3.0/i586/libcurl2-7.11.0-2.3.C30mdk.i586.rpm

3373382bebf28906bcb2c8a00e129ce0 corporate/3.0/i586/libcurl2-devel-7.11.0-2.3.C30mdk.i586.rpm

45d58f4c743fd8cd0b44836ade158c85 corporate/3.0/SRPMS/curl-7.11.0-2.3.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

ca7ddd09a8a21b18a8a7ab32ab49516c corporate/3.0/x86_64/curl-7.11.0-2.3.C30mdk.x86_64.rpm

3323f2165b8f0df55263222ca8bf1f0a corporate/3.0/x86_64/lib64curl2-7.11.0-2.3.C30mdk.x86_64.rpm

3ea5fa46f598f2008296781c5b613e7f corporate/3.0/x86_64/lib64curl2-devel-7.11.0-2.3.C30mdk.x86_64.rpm

45d58f4c743fd8cd0b44836ade158c85 corporate/3.0/SRPMS/curl-7.11.0-2.3.C30mdk.src.rpm

 

Corporate 4.0:

17241516d56baf7ba941065eed496ff5 corporate/4.0/i586/curl-7.14.0-2.3.20060mdk.i586.rpm

9fbef738cadfc9158b3eec6cfaf66507 corporate/4.0/i586/libcurl3-7.14.0-2.3.20060mdk.i586.rpm

0f934115755545407f79eada30feda35 corporate/4.0/i586/libcurl3-devel-7.14.0-2.3.20060mdk.i586.rpm

132009109cdf739189bc194c222080dc corporate/4.0/SRPMS/curl-7.14.0-2.3.20060mdk.src.rpm

 

Corporate 4.0/X86_64:

367d03b3f185b9ad37fd5c28e0ea956b corporate/4.0/x86_64/curl-7.14.0-2.3.20060mdk.x86_64.rpm

11353510721cc81b4d47defcdff0c655 corporate/4.0/x86_64/lib64curl3-7.14.0-2.3.20060mdk.x86_64.rpm

4b0f21ce51e858915ba7a403365d8c3b corporate/4.0/x86_64/lib64curl3-devel-7.14.0-2.3.20060mdk.x86_64.rpm

132009109cdf739189bc194c222080dc corporate/4.0/SRPMS/curl-7.14.0-2.3.20060mdk.src.rpm

 

Multi Network Firewall 2.0:

2319fdfd00d3cc01d7c219f7fafc2e4d mnf/2.0/i586/curl-7.11.0-2.3.C30mdk.i586.rpm

a14ae20d122b773438335669b258c7fa mnf/2.0/i586/libcurl2-7.11.0-2.3.C30mdk.i586.rpm

6b6235adcac53c26ae2f96c824db5fe7 mnf/2.0/i586/libcurl2-devel-7.11.0-2.3.C30mdk.i586.rpm

bf370dbbaed4785446495eb94d4d8c39 mnf/2.0/SRPMS/curl-7.11.0-2.3.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJsZacmqjQ0CJFipgRAvzaAKDcbRIdXyZINwGJzH0leUmSPF2OoACfZH/6

eN2UMLpTDvoCyXXeRz3oDpc=

=37RE

-----END PGP SIGNATURE-----

 

 

------------=_1236387069-6173-2185

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1236387069-6173-2185--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×