MDKSA-2005:182

Nom du paquet

curl

Date

2005-10-13

Advisory ID

MDKSA-2005:182

Affected versions

MNF2.0 i586 , 2006.0 i586 , 10.2 i586 , 10.1 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64 , 10.1 x86_64

Problem description

A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name in NTLM authentication is enabled and either a) pass a user and domain name to libcurl that together are longer than 192 bytes or b) allow (lib)curl to follow HTTP redirects and the new URL contains a URL with a user and domain name that together are longer than 192 bytes. The updated packages have been patched to address this issue.

Updated packages

MNF2.0 i586

 791c952a30b42a72f385ece06fdd1f47  mnf/2.0/RPMS/curl-7.11.0-2.2.M20mdk.i586.rpm
717b91b2099ad4132ce54dc8da3cff44  mnf/2.0/RPMS/libcurl2-7.11.0-2.2.M20mdk.i586.rpm
6fdb16af536f1539ce60cecefd2db61b  mnf/2.0/SRPMS/curl-7.11.0-2.2.M20mdk.src.rpm

2006.0 i586

 07805740a9f93561d6ac56918a781245  2006.0/RPMS/curl-7.14.0-2.1.20060mdk.i586.rpm
3d97dd7714cbe0b198683163467c0d6f  2006.0/RPMS/libcurl3-7.14.0-2.1.20060mdk.i586.rpm
6a7d8ed065b64e03e3bdd12c60611655  2006.0/RPMS/libcurl3-devel-7.14.0-2.1.20060mdk.i586.rpm
850cab614960f3a8ea2121d5e35457af  2006.0/SRPMS/curl-7.14.0-2.1.20060mdk.src.rpm

10.2 i586

 02917ae6640125c7fd60dfe1d4c435af  10.2/RPMS/curl-7.13.1-2.1.102mdk.i586.rpm
2547b81f7043b55a0b346e74817d5664  10.2/RPMS/libcurl3-7.13.1-2.1.102mdk.i586.rpm
b1f52fa823b34b43cb925cef0f4ca554  10.2/RPMS/libcurl3-devel-7.13.1-2.1.102mdk.i586.rpm
853ad6f024fe5247d8e97c081c854476  10.2/SRPMS/curl-7.13.1-2.1.102mdk.src.rpm

10.1 i586

 f03596cfd096487930950f055113e25e  10.1/RPMS/curl-7.12.1-1.2.101mdk.i586.rpm
888d28bd88686516b965801d4fa73ef5  10.1/RPMS/libcurl3-7.12.1-1.2.101mdk.i586.rpm
14119a5933519cd326eab4b6912f9c89  10.1/RPMS/libcurl3-devel-7.12.1-1.2.101mdk.i586.rpm
95e5c325854b56bcc049ace852aacad9  10.1/SRPMS/curl-7.12.1-1.2.101mdk.src.rpm

CS3.0 x86_64

 6b34e27cc2729a905359d616ea98677f  x86_64/corporate/3.0/RPMS/curl-7.11.0-2.2.C30mdk.x86_64.rpm
36f7fbf58702e2a3d7d49fd384d9ae91  x86_64/corporate/3.0/RPMS/lib64curl2-7.11.0-2.2.C30mdk.x86_64.rpm
03d4b8f01e1b916afeff6d51b7b04581  x86_64/corporate/3.0/RPMS/lib64curl2-devel-7.11.0-2.2.C30mdk.x86_64.rpm
a952e90be7922ed1b153fca1c94b0d9b  x86_64/corporate/3.0/SRPMS/curl-7.11.0-2.2.C30mdk.src.rpm

CS3.0 i586

 40231d093f311328f0985db5f71ae7f9  corporate/3.0/RPMS/curl-7.11.0-2.2.C30mdk.i586.rpm
7974dc65bf872a05910a0017383f34a1  corporate/3.0/RPMS/libcurl2-7.11.0-2.2.C30mdk.i586.rpm
70f87a4964fdba5256d475796a6af4d8  corporate/3.0/RPMS/libcurl2-devel-7.11.0-2.2.C30mdk.i586.rpm
a952e90be7922ed1b153fca1c94b0d9b  corporate/3.0/SRPMS/curl-7.11.0-2.2.C30mdk.src.rpm

10.2 x86_64

 30c2447b5a8066da44547f30e8693aed  x86_64/10.2/RPMS/curl-7.13.1-2.1.102mdk.x86_64.rpm
aef8bdd4c0bda5743915c563dea36ee7  x86_64/10.2/RPMS/lib64curl3-7.13.1-2.1.102mdk.x86_64.rpm
9da4ae9331b99a7a2a07acd2d4c2cb5a  x86_64/10.2/RPMS/lib64curl3-devel-7.13.1-2.1.102mdk.x86_64.rpm
853ad6f024fe5247d8e97c081c854476  x86_64/10.2/SRPMS/curl-7.13.1-2.1.102mdk.src.rpm

2006.0 x86_64

 aa1ccbb76d1f0a706c72c44028d8e4cc  x86_64/2006.0/RPMS/curl-7.14.0-2.1.20060mdk.x86_64.rpm
ec71600f685de4c15211c83a399bd04a  x86_64/2006.0/RPMS/lib64curl3-7.14.0-2.1.20060mdk.x86_64.rpm
b791d65f418fd714466f07549f8688fd  x86_64/2006.0/RPMS/lib64curl3-devel-7.14.0-2.1.20060mdk.x86_64.rpm
850cab614960f3a8ea2121d5e35457af  x86_64/2006.0/SRPMS/curl-7.14.0-2.1.20060mdk.src.rpm

10.1 x86_64

 c8672912f86bbb916d12e9e1868230eb  x86_64/10.1/RPMS/curl-7.12.1-1.2.101mdk.x86_64.rpm
bd80d2720507b859b8da2df5f67fbf6a  x86_64/10.1/RPMS/lib64curl3-7.12.1-1.2.101mdk.x86_64.rpm
62e47838707d23ccf8e55c495458aaa6  x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.2.101mdk.x86_64.rpm
95e5c325854b56bcc049ace852aacad9  x86_64/10.1/SRPMS/curl-7.12.1-1.2.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3185
• http://curl.haxx.se/mail/lib-2005-10/0061.html