Nom du paquet
curl
Date
2013-11-21
Advisory ID
MDVSA-2013:276
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

Updated curl packages fix security vulnerability:

Scott Cantor discovered that curl, a file retrieval tool, would disable
the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER
setting was disabled. This would also disable ssl certificate host
name checks when it should have only disabled verification of the
certificate trust chain (CVE-2013-4545).

Updated packages

MES5 i586

 8f84022018a0be9caba70cc8cf6b98d1  mes5/i586/curl-7.19.0-2.8mdvmes5.2.i586.rpm
 e86ae32c140ab086117a626b1dc4247c  mes5/i586/curl-examples-7.19.0-2.8mdvmes5.2.i586.rpm
 af24903c9f5de553fb3608bd58218f24  mes5/i586/libcurl4-7.19.0-2.8mdvmes5.2.i586.rpm
 bf050fb57bfcdf91bb8b60f3b0c0e25f  mes5/i586/libcurl-devel-7.19.0-2.8mdvmes5.2.i586.rpm 
 dfb61d68c4c646ab7bd0a9d3a1c39469  mes5/SRPMS/curl-7.19.0-2.8mdvmes5.2.src.rpm

MBS1 x86_64

 1c6d38ad16cfbbd7c08ac4db92c3c322  mbs1/x86_64/curl-7.24.0-2.3.mbs1.x86_64.rpm
 47944d2322c89eb7e167ff2cfaaa0c21  mbs1/x86_64/curl-examples-7.24.0-2.3.mbs1.x86_64.rpm
 6b2c3b949347f726bb1a68700d3de178  mbs1/x86_64/lib64curl4-7.24.0-2.3.mbs1.x86_64.rpm
 1b2449e78f76b8af262fa990317cc6f4  mbs1/x86_64/lib64curl-devel-7.24.0-2.3.mbs1.x86_64.rpm 
 5158e7b7a60bad696d90178ec462c6a0  mbs1/SRPMS/curl-7.24.0-2.3.mbs1.src.rpm

MES5 x86_64

 4ccbd52d83d96e492d15463f39e4592e  mes5/x86_64/curl-7.19.0-2.8mdvmes5.2.x86_64.rpm
 9c4dd21c21347ef24faa736eec23f8d1  mes5/x86_64/curl-examples-7.19.0-2.8mdvmes5.2.x86_64.rpm
 1ec84b9e08af585ec52115c780f8f7ad  mes5/x86_64/lib64curl4-7.19.0-2.8mdvmes5.2.x86_64.rpm
 d9ca888f8a41efdbed7413c08b0a3c6c  mes5/x86_64/lib64curl-devel-7.19.0-2.8mdvmes5.2.x86_64.rpm 
 dfb61d68c4c646ab7bd0a9d3a1c39469  mes5/SRPMS/curl-7.19.0-2.8mdvmes5.2.src.rpm

References