Package name
curl
Date
2013-06-27
Advisory ID
MDVSA-2013:180
Affected versions
MES5 i586, MBS1 x86_64, MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in curl:

libcurl is vulnerable to insufficient checking of input data, which
may lead to heap corruption. The function curl_easy_unescape()
decodes URL-encoded strings to raw binary data. URL-encoded octets are
represented with %HH combinations, where HH is a two-digit hexadecimal
number. The decoded string is written to an allocated memory area
that the function returns to the caller (CVE-2013-2174).
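
The following is an added example, not libcurl's code and not part of the original advisory: a length-bounded %HH decoder showing the input check such a function needs, namely that both hex digits lie inside the stated input length before they are consumed. The names pct_decode and hex_val are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit (caller has checked isxdigit). */
static unsigned char hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9')
        return (unsigned char)(c - '0');
    return (unsigned char)(tolower(c) - 'a' + 10);
}

/*
 * Hypothetical decoder: decodes exactly `len` bytes of `in` into a newly
 * allocated buffer and stores the decoded length in *out_len.
 * Returns NULL on bad arguments or allocation failure. Caller frees.
 */
unsigned char *pct_decode(const char *in, size_t len, size_t *out_len)
{
    unsigned char *out;
    size_t i = 0, o = 0;

    if (!in || !out_len || len == SIZE_MAX)
        return NULL;
    out = malloc(len + 1);      /* decoded data is never longer than input */
    if (!out)
        return NULL;

    while (i < len) {
        unsigned char c = (unsigned char)in[i];
        /* Treat '%' as an escape only if BOTH digits are within `len`. */
        if (c == '%' && len - i >= 3 &&
            isxdigit((unsigned char)in[i + 1]) &&
            isxdigit((unsigned char)in[i + 2])) {
            c = (unsigned char)(hex_val((unsigned char)in[i + 1]) << 4 |
                                hex_val((unsigned char)in[i + 2]));
            i += 3;
        } else {
            i += 1;             /* literal byte, incl. truncated/malformed '%' */
        }
        out[o++] = c;           /* o <= i <= len, so this stays in bounds */
    }
    out[o] = '\0';
    *out_len = o;
    return out;
}
```

Because the output index never passes the input index, the write stays inside the allocation even when the input ends in a lone '%' or "%H".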

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 b67f07d5bfef732e46c73127186a4bc3  mes5/i586/curl-7.19.0-2.7mdvmes5.2.i586.rpm
 6a067acb5315f6bd23307fda4da508ad  mes5/i586/curl-examples-7.19.0-2.7mdvmes5.2.i586.rpm
 a7c6c2f0a0cd1060b8a7a1ebc58fabaa  mes5/i586/libcurl4-7.19.0-2.7mdvmes5.2.i586.rpm
 69558e117e489d890a0c316ee65f5af5  mes5/i586/libcurl-devel-7.19.0-2.7mdvmes5.2.i586.rpm 
 f9d1dffcfdfba6f5bf562367c855cdbd  mes5/SRPMS/curl-7.19.0-2.7mdvmes5.2.src.rpm

MBS1 x86_64

 a058a7d1693791161fb8df94484242a3  mbs1/x86_64/curl-7.24.0-2.2.mbs1.x86_64.rpm
 e5a95ff0b6e939678e03899d93b3bf4c  mbs1/x86_64/curl-examples-7.24.0-2.2.mbs1.x86_64.rpm
 44eef308df01e82fb67ef420cef9a52d  mbs1/x86_64/lib64curl4-7.24.0-2.2.mbs1.x86_64.rpm
 6f1e301a381d5ffc7cf8380918ab34ee  mbs1/x86_64/lib64curl-devel-7.24.0-2.2.mbs1.x86_64.rpm 
 d51e83363cf2bf8586137e2ec60c4f96  mbs1/SRPMS/curl-7.24.0-2.2.mbs1.src.rpm

MES5 x86_64

 84136245be8d68485b44098b13978e2b  mes5/x86_64/curl-7.19.0-2.7mdvmes5.2.x86_64.rpm
 0ad99a19f59cc109d3d54690360e3e14  mes5/x86_64/curl-examples-7.19.0-2.7mdvmes5.2.x86_64.rpm
 10b8613b86eee782dc3cf3b2c636054a  mes5/x86_64/lib64curl4-7.19.0-2.7mdvmes5.2.x86_64.rpm
 5ce1e7e7564ed6f4d54cb9aba9a0c25c  mes5/x86_64/lib64curl-devel-7.19.0-2.7mdvmes5.2.x86_64.rpm 
 f9d1dffcfdfba6f5bf562367c855cdbd  mes5/SRPMS/curl-7.19.0-2.7mdvmes5.2.src.rpm

References