Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
MDKSA-2005:224 - Updated curl package fixes format string vulnerability
Posted by Bob on: 12/08/2005 09:52 PM [ Print | 0 comment(s) ]
The Mandriva Security Team published a new security update: MDKSA-2005:224 - Updated curl package fixes format string vulnerability for Mandriva Linux. Here the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:224
http://www.mandriva.com/security/
_______________________________________________________________________
Package : curl
Date : December 8, 2005
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________
Problem Description:
Stefan Esser discovered that libcurl's URL parser function can have
a malloced buffer overflows in two ways if given a too long URL. It
cannot be triggered by a redirect, which makes remote exploitation
unlikely, but can be passed directly to libcurl (allowing for local
exploitation) and could also be used to break out of PHP's safe_mode/
open_basedir.
This vulnerability only exists in libcurl and curl 7.11.2 up to and
including 7.15.0, which means that Corporate Server 2.1 and Corporate
3.0 are not vulnerable.
The updated packages have been patched to correct the problem. As
well, updated php-curl packages are available that provide a new curl
PHP module compiled against the fixed code.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
http://www.dyadsecurity.com/perl-0002.html
http://curl.haxx.se/docs/adv_20051207.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
e338c6fec40f0b5f7c47f01ecfc85fd8 10.1/RPMS/curl-7.12.1-1.3.101mdk.i586.rpm
2c6fc6d5cb9f62c0fd7d0890779167dd 10.1/RPMS/libcurl3-7.12.1-1.3.101mdk.i586.rpm
496b439769425c8a45a15195c9f1a339 10.1/RPMS/libcurl3-devel-7.12.1-1.3.101mdk.i586.rpm
59bc58c52d3c7034e31bf7a5d9e2f845 10.1/SRPMS/curl-7.12.1-1.3.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
ecd5b17dd584d8ba4c986437bde4f6fa x86_64/10.1/RPMS/curl-7.12.1-1.3.101mdk.x86_64.rpm
d3bb7a56841873696ffd6add01cf8da3 x86_64/10.1/RPMS/lib64curl3-7.12.1-1.3.101mdk.x86_64.rpm
f54e7f2fb8a4ad73787ce9af0e65ac41 x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.3.101mdk.x86_64.rpm
59bc58c52d3c7034e31bf7a5d9e2f845 x86_64/10.1/SRPMS/curl-7.12.1-1.3.101mdk.src.rpm
Mandriva Linux 10.2:
287e79b91baa16afe1e57944bf8887a4 10.2/RPMS/curl-7.13.1-2.2.102mdk.i586.rpm
6012e004103928ffeb31f8017a08cce1 10.2/RPMS/libcurl3-7.13.1-2.2.102mdk.i586.rpm
60b5868305bda86a04ec63b349a1b45d 10.2/RPMS/libcurl3-devel-7.13.1-2.2.102mdk.i586.rpm
f12a43929acf2432a413937b00751f26 10.2/SRPMS/curl-7.13.1-2.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
6620e61f2dfc0f6b9f8ddb4bb17a9dc8 x86_64/10.2/RPMS/curl-7.13.1-2.2.102mdk.x86_64.rpm
bfe67e81d224684763cbbc673df15488 x86_64/10.2/RPMS/lib64curl3-7.13.1-2.2.102mdk.x86_64.rpm
4b601554dd99d63f94b3f35f0924034e x86_64/10.2/RPMS/lib64curl3-devel-7.13.1-2.2.102mdk.x86_64.rpm
f12a43929acf2432a413937b00751f26 x86_64/10.2/SRPMS/curl-7.13.1-2.2.102mdk.src.rpm
Mandriva Linux 2006.0:
78fe1cf7868e10c17a31adaa01718f1d 2006.0/RPMS/curl-7.14.0-2.2.20060mdk.i586.rpm
d6cf997f844557f77ca5b720973f717d 2006.0/RPMS/libcurl3-7.14.0-2.2.20060mdk.i586.rpm
6959638e76f3f2d7c7c8774e4d891b5a 2006.0/RPMS/libcurl3-devel-7.14.0-2.2.20060mdk.i586.rpm
7502a4eb9fe19554714247e4a9a5f176 2006.0/RPMS/php-curl-5.0.4-1.1.20060mdk.i586.rpm
c04932aea0dc51673585ed68119d518d 2006.0/SRPMS/curl-7.14.0-2.2.20060mdk.src.rpm
8a30951717cc93a371e07fb95264b007 2006.0/SRPMS/php-curl-5.0.4-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
7401463c8a258183c1f3798b02f3d029 x86_64/2006.0/RPMS/curl-7.14.0-2.2.20060mdk.x86_64.rpm
b5d47137d19d7e69a31a50cab4e520b7 x86_64/2006.0/RPMS/lib64curl3-7.14.0-2.2.20060mdk.x86_64.rpm
50ddb76a23cb766bcb99d0ad7ff18492 x86_64/2006.0/RPMS/lib64curl3-devel-7.14.0-2.2.20060mdk.x86_64.rpm
a94e9b275b0a661940c4a15fbf63efb9 x86_64/2006.0/RPMS/php-curl-5.0.4-1.1.20060mdk.x86_64.rpm
c04932aea0dc51673585ed68119d518d x86_64/2006.0/SRPMS/curl-7.14.0-2.2.20060mdk.src.rpm
8a30951717cc93a371e07fb95264b007 x86_64/2006.0/SRPMS/php-curl-5.0.4-1.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDmG9PmqjQ0CJFipgRAjKOAJ9y+J1rz0dUNxMkAHgjNo8h3gommQCfR7gK
9hrKV4NklzNOi+YGNG+LLRc=
=S6Wy
-----END PGP SIGNATURE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:224
http://www.mandriva.com/security/
_______________________________________________________________________
Package : curl
Date : December 8, 2005
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________
Problem Description:
Stefan Esser discovered that libcurl's URL parser function can have
a malloced buffer overflows in two ways if given a too long URL. It
cannot be triggered by a redirect, which makes remote exploitation
unlikely, but can be passed directly to libcurl (allowing for local
exploitation) and could also be used to break out of PHP's safe_mode/
open_basedir.
This vulnerability only exists in libcurl and curl 7.11.2 up to and
including 7.15.0, which means that Corporate Server 2.1 and Corporate
3.0 are not vulnerable.
The updated packages have been patched to correct the problem. As
well, updated php-curl packages are available that provide a new curl
PHP module compiled against the fixed code.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
http://www.dyadsecurity.com/perl-0002.html
http://curl.haxx.se/docs/adv_20051207.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
e338c6fec40f0b5f7c47f01ecfc85fd8 10.1/RPMS/curl-7.12.1-1.3.101mdk.i586.rpm
2c6fc6d5cb9f62c0fd7d0890779167dd 10.1/RPMS/libcurl3-7.12.1-1.3.101mdk.i586.rpm
496b439769425c8a45a15195c9f1a339 10.1/RPMS/libcurl3-devel-7.12.1-1.3.101mdk.i586.rpm
59bc58c52d3c7034e31bf7a5d9e2f845 10.1/SRPMS/curl-7.12.1-1.3.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
ecd5b17dd584d8ba4c986437bde4f6fa x86_64/10.1/RPMS/curl-7.12.1-1.3.101mdk.x86_64.rpm
d3bb7a56841873696ffd6add01cf8da3 x86_64/10.1/RPMS/lib64curl3-7.12.1-1.3.101mdk.x86_64.rpm
f54e7f2fb8a4ad73787ce9af0e65ac41 x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.3.101mdk.x86_64.rpm
59bc58c52d3c7034e31bf7a5d9e2f845 x86_64/10.1/SRPMS/curl-7.12.1-1.3.101mdk.src.rpm
Mandriva Linux 10.2:
287e79b91baa16afe1e57944bf8887a4 10.2/RPMS/curl-7.13.1-2.2.102mdk.i586.rpm
6012e004103928ffeb31f8017a08cce1 10.2/RPMS/libcurl3-7.13.1-2.2.102mdk.i586.rpm
60b5868305bda86a04ec63b349a1b45d 10.2/RPMS/libcurl3-devel-7.13.1-2.2.102mdk.i586.rpm
f12a43929acf2432a413937b00751f26 10.2/SRPMS/curl-7.13.1-2.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
6620e61f2dfc0f6b9f8ddb4bb17a9dc8 x86_64/10.2/RPMS/curl-7.13.1-2.2.102mdk.x86_64.rpm
bfe67e81d224684763cbbc673df15488 x86_64/10.2/RPMS/lib64curl3-7.13.1-2.2.102mdk.x86_64.rpm
4b601554dd99d63f94b3f35f0924034e x86_64/10.2/RPMS/lib64curl3-devel-7.13.1-2.2.102mdk.x86_64.rpm
f12a43929acf2432a413937b00751f26 x86_64/10.2/SRPMS/curl-7.13.1-2.2.102mdk.src.rpm
Mandriva Linux 2006.0:
78fe1cf7868e10c17a31adaa01718f1d 2006.0/RPMS/curl-7.14.0-2.2.20060mdk.i586.rpm
d6cf997f844557f77ca5b720973f717d 2006.0/RPMS/libcurl3-7.14.0-2.2.20060mdk.i586.rpm
6959638e76f3f2d7c7c8774e4d891b5a 2006.0/RPMS/libcurl3-devel-7.14.0-2.2.20060mdk.i586.rpm
7502a4eb9fe19554714247e4a9a5f176 2006.0/RPMS/php-curl-5.0.4-1.1.20060mdk.i586.rpm
c04932aea0dc51673585ed68119d518d 2006.0/SRPMS/curl-7.14.0-2.2.20060mdk.src.rpm
8a30951717cc93a371e07fb95264b007 2006.0/SRPMS/php-curl-5.0.4-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
7401463c8a258183c1f3798b02f3d029 x86_64/2006.0/RPMS/curl-7.14.0-2.2.20060mdk.x86_64.rpm
b5d47137d19d7e69a31a50cab4e520b7 x86_64/2006.0/RPMS/lib64curl3-7.14.0-2.2.20060mdk.x86_64.rpm
50ddb76a23cb766bcb99d0ad7ff18492 x86_64/2006.0/RPMS/lib64curl3-devel-7.14.0-2.2.20060mdk.x86_64.rpm
a94e9b275b0a661940c4a15fbf63efb9 x86_64/2006.0/RPMS/php-curl-5.0.4-1.1.20060mdk.x86_64.rpm
c04932aea0dc51673585ed68119d518d x86_64/2006.0/SRPMS/curl-7.14.0-2.2.20060mdk.src.rpm
8a30951717cc93a371e07fb95264b007 x86_64/2006.0/SRPMS/php-curl-5.0.4-1.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDmG9PmqjQ0CJFipgRAjKOAJ9y+J1rz0dUNxMkAHgjNo8h3gommQCfR7gK
9hrKV4NklzNOi+YGNG+LLRc=
=S6Wy
-----END PGP SIGNATURE-----
