Paketname
curl
Datum
2013-04-26
Advisory ID
MDVSA-2013:151
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Updated curl packages fix security vulnerability:

libcurl is vulnerable to a cookie leak vulnerability when doing
requests across domains with matching tails. This vulnerability can be
used to hijack sessions in targetted attacks since registering domains
using a known domain's name as an ending is trivial (CVE-2013-1944).

Aktualisierte Pakete

MES5 i586

 f0521b89d652d1c45bfeff5f9aea5af7  mes5/i586/curl-7.19.0-2.6mdvmes5.2.i586.rpm
 daf9daaf4e61d1febab693f970fa52a8  mes5/i586/curl-examples-7.19.0-2.6mdvmes5.2.i586.rpm
 077a55e5c750e32b8859174778c779db  mes5/i586/libcurl4-7.19.0-2.6mdvmes5.2.i586.rpm
 1c893a591659bb28d4fdf8278ce615af  mes5/i586/libcurl-devel-7.19.0-2.6mdvmes5.2.i586.rpm 
 d5b1ced5df5a5c8fc98db99abd8bbc0b  mes5/SRPMS/curl-7.19.0-2.6mdvmes5.2.src.rpm

MBS1 x86_64

 539dc5e1ada6bac459d752af6edb47b3  mbs1/x86_64/curl-7.24.0-2.1.mbs1.x86_64.rpm
 d009466416305b1b6c2a1306601df21c  mbs1/x86_64/curl-examples-7.24.0-2.1.mbs1.x86_64.rpm
 e5144a110a6097bcd6b33e34f5158d73  mbs1/x86_64/lib64curl4-7.24.0-2.1.mbs1.x86_64.rpm
 971ceabe6e9df96a446f582d17680c97  mbs1/x86_64/lib64curl-devel-7.24.0-2.1.mbs1.x86_64.rpm 
 32a96e2c01d201c50372c18e1fd6204a  mbs1/SRPMS/curl-7.24.0-2.1.mbs1.src.rpm

MES5 x86_64

 cedf0d881fdb2c36a1884bc5fe0efb63  mes5/x86_64/curl-7.19.0-2.6mdvmes5.2.x86_64.rpm
 21a7b7ade9a334525bbe0725ba9bfa14  mes5/x86_64/curl-examples-7.19.0-2.6mdvmes5.2.x86_64.rpm
 09ef67ca7acd8b5e86ffd53dd9944b92  mes5/x86_64/lib64curl4-7.19.0-2.6mdvmes5.2.x86_64.rpm
 6470a7442aa71657fa22b137c2870e73  mes5/x86_64/lib64curl-devel-7.19.0-2.6mdvmes5.2.x86_64.rpm 
 d5b1ced5df5a5c8fc98db99abd8bbc0b  mes5/SRPMS/curl-7.19.0-2.6mdvmes5.2.src.rpm

Referenzen