DSA 2398-1: curl security update
Posted on: 01/31/2012 10:43 AM

A curl security update has been released for Debian GNU/Linux

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2398-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3389 CVE-2012-0036

Several vulnerabilities have been discovered in Curl, an URL transfer
library. The Common Vulnerabilities and Exposures project identifies the
following problems:


This update enables OpenSSL workarounds against the "BEAST" attack.
Additional information can be found in the Curl advisory:


Dan Fandrich discovered that Curl performs insufficient sanitising
when extracting the file path part of an URL.

For the oldstable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 7.24.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_2398_1_curl_security_update.html)