DSA 1738-1: New curl packages fix arbitrary file access
Posted on: 03/11/2009 05:55 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1738-1 security@debian.org
http://www.debian.org/security/ Nico Golde
March 11th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : curl
Vulnerability : arbitrary file access
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0037
Debian Bug : 518423
BugTraq ID : 33962

David Kierznowski discovered that libcurl, a multi-protocol file transfer
library, when configured to follow URL redirects automatically, does not
question the new target location. As libcurl also supports file:// and
scp:// URLs - depending on the setup - an untrusted server could use that
to expose local files, overwrite local files or even execute arbitrary
code via a malicious URL redirect.

This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by
default does not include the scp and file protocol handlers.


For the oldstable distribution (etch) this problem has been fixed in
version 7.15.5-1etch2.

For the stable distribution (lenny) this problem has been fixed in
version 7.18.2-8lenny2.

For the unstable distribution (sid) this problem has been fixed in
version 7.18.2-8.1.

We recommend that you upgrade your curl packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2.dsc
Size/MD5 checksum: 956 0a164bd43dbfb582a049fe3a737a375b
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
Size/MD5 checksum: 1897973 61997c0d852d38c3a85b445f4fc02892
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2.diff.gz
Size/MD5 checksum: 21635 47c30162c60f8192bce199f5fab0012d

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch2_all.deb
Size/MD5 checksum: 22244 752d541336f513b3bfd0841e0868b472

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_alpha.deb
Size/MD5 checksum: 166256 709d02b9dae8f4b0c7333d6f03c31628
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_alpha.deb
Size/MD5 checksum: 816206 a36046c7827322a14d257bd3fb74010b
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_alpha.deb
Size/MD5 checksum: 818778 967acf1522d86fdf56e84e1c5b22f147
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_alpha.deb
Size/MD5 checksum: 809316 af0f20647d1a91d799dcbed6980428b7
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_alpha.deb
Size/MD5 checksum: 181392 78c3b97fba2c35b5c5d1bf1eb5f1d908
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_alpha.deb
Size/MD5 checksum: 174310 433c7e16f748f83db01989e8a249a101

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_amd64.deb
Size/MD5 checksum: 164766 6f3f68c322aa54a5000975530ded729e
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_amd64.deb
Size/MD5 checksum: 170058 f6fd6e8f7a3e030ca028a6750f666061
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_amd64.deb
Size/MD5 checksum: 772142 5d3cdfcfdaf0604aeebfc395703d6df7
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_amd64.deb
Size/MD5 checksum: 778626 490801518500a00caec9e45fb755c524
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_amd64.deb
Size/MD5 checksum: 824964 a57398dfcbd49c33060a48671bed8a02
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_amd64.deb
Size/MD5 checksum: 163446 7eaaea76d628e03e8ebdc580bff0b72b

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_arm.deb
Size/MD5 checksum: 756884 8eed02667e02867ad3d130a40ad4f330
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_arm.deb
Size/MD5 checksum: 762352 b5720175a10c9f7333a2e8a298aac91d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_arm.deb
Size/MD5 checksum: 783552 72af9664d85d8aa4ca0960da19554333
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_arm.deb
Size/MD5 checksum: 160536 c9fb486fd46228488f391d57a9d6edc8
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_arm.deb
Size/MD5 checksum: 165914 b1188bf4e4da054e04b77c4e8f27ca73
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_arm.deb
Size/MD5 checksum: 162598 a60ef14833ef5f5bad0bffbda329e326

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_hppa.deb
Size/MD5 checksum: 164866 73bdea9c0a854221204e7d232a464ad7
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_hppa.deb
Size/MD5 checksum: 184262 c681c1b066c2210aa0d84f1763a14bdb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_hppa.deb
Size/MD5 checksum: 798798 29f2ee940a221a567c8f9568202f6f85
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_hppa.deb
Size/MD5 checksum: 178932 76c87584e67d0e9957110bb805a15946
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_hppa.deb
Size/MD5 checksum: 791220 9d0a1827c563e72951420d6e869a348f
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_hppa.deb
Size/MD5 checksum: 815004 47b6884a2e5ce2224d64fdc9c5852325

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_i386.deb
Size/MD5 checksum: 163604 16def6f8c4d5068be2bba466f89dc329
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_i386.deb
Size/MD5 checksum: 759150 613d3cfa2de22d73706c4158f45a9380
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_i386.deb
Size/MD5 checksum: 766468 c32cd1d31c6078d4676b8046ddc56f07
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_i386.deb
Size/MD5 checksum: 168800 1fc225d65db9eb6508481bf2e5985d5d
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_i386.deb
Size/MD5 checksum: 163240 362b7152f99699f68c93ab89e821d8d0
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_i386.deb
Size/MD5 checksum: 800506 984abe71ca0999c8a587ed1b0042299a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_ia64.deb
Size/MD5 checksum: 811254 1992183aa065d3782a2992ea98c22a5a
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_ia64.deb
Size/MD5 checksum: 838550 350899a4e4f86a672aeb2c3a2d011e94
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_ia64.deb
Size/MD5 checksum: 174484 ac0a064f867f61c30ebd1cd7da6ea845
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_ia64.deb
Size/MD5 checksum: 217504 032debd42a9a3cc08f65ee17097fe9d7
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_ia64.deb
Size/MD5 checksum: 225458 a6beeb5551ffe3d09341160b368bf4f6
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_ia64.deb
Size/MD5 checksum: 848606 b339d6517e49af9a30b5bed9a42c9222

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_mips.deb
Size/MD5 checksum: 784292 439b960fc26cd382f86bbfb20478d7b0
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_mips.deb
Size/MD5 checksum: 831916 dcfa7a779ae3cdac67cecf847dac0162
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_mips.deb
Size/MD5 checksum: 792482 357d60661e80f1ee887d2345a119b547
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_mips.deb
Size/MD5 checksum: 164020 c91e5b7e745e2179301d2e75be7d8ee2
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_mips.deb
Size/MD5 checksum: 165474 eff09f808ce9a23ce659aeeffea398f1
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_mips.deb
Size/MD5 checksum: 170646 650b55f89ad5530208e49e211f5aebeb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_mipsel.deb
Size/MD5 checksum: 164056 b2cbeec53d1eef3e9d0e29adf797548b
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_mipsel.deb
Size/MD5 checksum: 792108 4fe7f7e85d02706503d1064895607831
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_mipsel.deb
Size/MD5 checksum: 165674 500cb0c319ee13c14f8d010b3c4457cc
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_mipsel.deb
Size/MD5 checksum: 811082 c61871a4ac26252046b4e161aeef2dd7
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_mipsel.deb
Size/MD5 checksum: 784546 b8ba2732071c34bbfe5c10927317f589
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_mipsel.deb
Size/MD5 checksum: 170522 0919591347253f65b44ddea61f49cbc7

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_powerpc.deb
Size/MD5 checksum: 774490 f804de8b26ea6914f0283f79f71d72b2
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_powerpc.deb
Size/MD5 checksum: 781844 b53e33260b02761cd26c8780b8e81f2b
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_powerpc.deb
Size/MD5 checksum: 173906 edf0a2342f93af56ffb18a45a934ace3
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_powerpc.deb
Size/MD5 checksum: 841666 5df4b820f0f196560bd5796d0ad1bad7
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_powerpc.deb
Size/MD5 checksum: 165134 c62f63233f70e51a732c36492fd04ae9
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_powerpc.deb
Size/MD5 checksum: 169130 44d2765d66141ceb6c6626750a098aaa

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_s390.deb
Size/MD5 checksum: 836322 26db7bd743a5c2141c6aee251a9cede0
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_s390.deb
Size/MD5 checksum: 179832 487db999849a4ac171d86d87d12d3f7f
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_s390.deb
Size/MD5 checksum: 163182 7be52b66b1f79a0d0f76d0183da4104a
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_s390.deb
Size/MD5 checksum: 768888 87b9a0f806f25692cd2f9a30bd0be9eb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_s390.deb
Size/MD5 checksum: 172444 3d9a0b971714e2f9f6c7d15ce387bc93
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_s390.deb
Size/MD5 checksum: 774446 9c7cf8ac1154f4b8b71615ad8d48ed99

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_sparc.deb
Size/MD5 checksum: 160204 433e751e98d9010f793cfacf4c809996
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_sparc.deb
Size/MD5 checksum: 788794 2c4e9c34ccf365fa02bc1f1657e68f35
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_sparc.deb
Size/MD5 checksum: 162412 1bab2e9e64b655babb5f1ef1b7271090
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_sparc.deb
Size/MD5 checksum: 766110 cc724da5e7cc8b38376d1644d98a144e
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_sparc.deb
Size/MD5 checksum: 165224 671413f03a06041a824630be23ded9e9
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_sparc.deb
Size/MD5 checksum: 759596 2070bf93dadb3b3fe1aa387fb0f8e6c7

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2.diff.gz
Size/MD5 checksum: 27675 3cc8e00a5145e9f8f35823f89170ed4e
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2.dsc
Size/MD5 checksum: 1418 02c706202a50b3358769c4c1e9f1a120
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
Size/MD5 checksum: 2273077 4fe99398a64a34613c9db7bd61bf6e3c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_alpha.deb
Size/MD5 checksum: 211250 dcccf85073a2826d5af6e6d438f6c9f6
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_alpha.deb
Size/MD5 checksum: 224420 33ead51af60c4e6ea8f08b16ebde1e06
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_alpha.deb
Size/MD5 checksum: 985930 c90004e19361846cbded2fb615eb60ec
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_alpha.deb
Size/MD5 checksum: 1150080 c3436b5c4979764699a7236674df93cf
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_alpha.deb
Size/MD5 checksum: 241558 7d28ddb21b9a23f2e4b6302dea9ffc36
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_alpha.deb
Size/MD5 checksum: 957810 49c87cfe63e61d4c905c2c481b1a88a2

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_amd64.deb
Size/MD5 checksum: 214620 3d0a0aa6453df3486b5910e198275f84
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_amd64.deb
Size/MD5 checksum: 1182662 c7a8138e99e78dd772758e4d1db098fe
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_amd64.deb
Size/MD5 checksum: 230526 1d8262e5c8ce1baddb748a76b836ff79
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_amd64.deb
Size/MD5 checksum: 951202 76dd51652be02ad2972cbb32df9cbe60
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_amd64.deb
Size/MD5 checksum: 208912 e66d007bbedba4d7e838045e549c64b1
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_amd64.deb
Size/MD5 checksum: 928736 6f66f5283ad91d0a2b4d56bd629e8305

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_armel.deb
Size/MD5 checksum: 223972 d139a82972490d1f706ec27cacddadac
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_armel.deb
Size/MD5 checksum: 920298 d740b279b624e6a475cb7d391f7b2c10
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_armel.deb
Size/MD5 checksum: 903750 c81c5db454d3263cd6ae51d16c933a6d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_armel.deb
Size/MD5 checksum: 209142 e9f8cea7ff20b90a27e1a72a523b3d47
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_armel.deb
Size/MD5 checksum: 209082 a906ad9c5f72efd9cdd561aed4ca8dc9
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_armel.deb
Size/MD5 checksum: 1151506 7c7546f135977a859ddc976f73b6542d

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_hppa.deb
Size/MD5 checksum: 939250 04c83feddcf78eaca8136bd4b15bee90
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_hppa.deb
Size/MD5 checksum: 209462 8e62f5740ba733a9a8cde83f045873e2
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_hppa.deb
Size/MD5 checksum: 227528 9905b63e7ffb02e1b6da0443ad99bbf6
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_hppa.deb
Size/MD5 checksum: 244642 f127b127e9783af96664f67fab940458
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_hppa.deb
Size/MD5 checksum: 960844 5c3918da2bdb2bcb6e5775935d101600
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_hppa.deb
Size/MD5 checksum: 1173380 ef0c131c585f50dd3b1d494be681ad4c

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_i386.deb
Size/MD5 checksum: 903896 766d2afb93354dc6cfccc719ca5d3a32
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_i386.deb
Size/MD5 checksum: 923838 54e2efa56e08277cd061ec142167b8f8
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_i386.deb
Size/MD5 checksum: 1155810 b481158475101fe14cd7086dd09b00ba
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_i386.deb
Size/MD5 checksum: 228434 806b581b9cb3e7b74b4c5b38d952d496
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_i386.deb
Size/MD5 checksum: 208184 310da7a3545fdd174ae3f7cf7a05d84e
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_i386.deb
Size/MD5 checksum: 210964 fde8c7b507ef8fca75b3b95557443568

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_ia64.deb
Size/MD5 checksum: 274076 a242056cc5928023e19189e0dad47a54
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_ia64.deb
Size/MD5 checksum: 1165456 63a88f4853c990bf6a26744b25ffcd65
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_ia64.deb
Size/MD5 checksum: 991418 a81c668fb270734005c855f77fbaa1b2
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_ia64.deb
Size/MD5 checksum: 296182 959638d94a18a01ee393a5388af95e9a
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_ia64.deb
Size/MD5 checksum: 222326 8f7d1012c7920a818ff3387fd672582b
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_ia64.deb
Size/MD5 checksum: 1019228 f1ee83304b03f4e168a3077577aee4ca

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_mips.deb
Size/MD5 checksum: 1193134 69792abd2ebb8ae27741fd5380a15c7d
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_mips.deb
Size/MD5 checksum: 227940 f59a95b1a51411e2df9f7646166b8bb0
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_mips.deb
Size/MD5 checksum: 212670 38196676b77101edb8d75e050ccdfa83
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_mips.deb
Size/MD5 checksum: 950332 3d0b559a946b285580c626796bd79619
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_mips.deb
Size/MD5 checksum: 208940 c4b370ba4637c34fb90b7241d94ad26e
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_mips.deb
Size/MD5 checksum: 929246 a3250ee1c064f637f4f8b80fe67cc126

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_mipsel.deb
Size/MD5 checksum: 208632 8e7b0faa4d0fcf82d4832c88040644a4
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_mipsel.deb
Size/MD5 checksum: 1169800 fec90115dd8a0a4159eb0b32f9d2f547
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_mipsel.deb
Size/MD5 checksum: 949916 4c476dd885c52cc5de342bf739d84f65
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_mipsel.deb
Size/MD5 checksum: 212332 d9cccbe468c2228b96c662fab496a06e
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_mipsel.deb
Size/MD5 checksum: 928636 b3e28a026e7deb8cce632c63b2a7a140
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_mipsel.deb
Size/MD5 checksum: 227638 75ad8b0dd97c093ff56338d856df7383

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 941020 0f242ff442fea24f03c33af08d9e6c75
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 1179540 551daec15eb2ce16e000b2201dba167c
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 212734 57c377e5cbef3618e283a1e187045598
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 238114 440e40511e414c3a0c3a4f4bfd479a41
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 922274 73c54c0b54c83950728f60d8cc1727ea
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 222642 74220c8c71a4a5d9af54694d9777a9b0

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 223330 8c5ca7bc3655a68e2fc33d11ecc06865
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 209294 e28839caee56080274e61541e035af52
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 1190688 bd391c517d8ec4b5179f753ef73825a9
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 931312 dc473f1db5201689c7cb15f41929f780
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 239904 5f08a1a17220525e249e6dec32a21bfb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 912728 368e5d51de6826fce49b35e728a52dda

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 207660 84f75b95a33d19a1027b281c136f38ca
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 208576 4ac3ac2bb012ba68a1872620cc90e3a3
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 1134708 3403c94f0c0c32c1e964364337132456
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 222562 990364878bde2699a2af470013f90fce
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 902436 8f221c8abaab29401bd0434b9add83c8
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 918590 2d0b3f1dc2882cc2446ed708c2f2b55e


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm36v4ACgkQHYflSXNkfP/PaQCfe6xmnRhMoAmhLaEsVrOEwCD2
OKIAoKxDcy9wTjQb4jLMoZ1tAqSuS9jr
=eSVR
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1738_1_new_curl_packages_fix_arbitrary_file_access.html)