1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2660-1] curl security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Apr 20 17:00:02 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2660-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso
    April 20, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : curl
    Vulnerability : exposure of sensitive information
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-1944
    Debian Bug : 705274

    Yamada Yasuharu discovered that cURL, an URL transfer library, is
    vulnerable to expose potentially sensitive information when doing
    requests across domains with matching tails. Due to a bug in the
    tailmatch function when matching domain names, it was possible that
    cookies set for a domain 'ample.com' could accidentally also be sent
    by libcurl when communicating with 'example.com'.

    Both curl the command line tool and applications using the libcurl
    library are vulnerable.

    For the stable distribution (squeeze), this problem has been fixed in
    version 7.21.0-2.1+squeeze3.

    For the testing distribution (wheezy), this problem has been fixed in
    version 7.26.0-1+wheezy2.

    For the unstable distribution (sid), this problem has been fixed in
    version 7.29.0-2.1.

    We recommend that you upgrade your curl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQEcBAEBAgAGBQJRcqt6AAoJEFb2GnlAHawEJsgH/RFAPpyxjMJs5IUbnaGBB17w p3sfg7uC92mYHvUcXb2tXLzJTJ7QBWZTbvo9Dnr0r72WU9AJCmOZ3FiSrU6hlLZG QommSJgi+614IjQV6IcYIs5MM4Ne/KNBAcz31ROr5xqRNLQo4N6cxBj9NKnsi1Ut f6xrQInVKp5WNx3qMGtxAKfVrCMcMRM0OTW+ASJI1r4smVSVdUBrJSkk0mg08jZG QQeAXtOOSbkahKpwcgGETgU+l1MTYkgjSZwwRtWJUbdPSeUrNl8SHM9Fa7h1c/j9 b/2odiynlhXYyOkj1PyPaNireEBsLOCY2xRZH27fZGh6AXFC07KS6Io4NYnDfJQ=
    =MBDd
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)