1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3122-1] curl security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Jan 8 20:40:02 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3122-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 08, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : curl
    CVE ID : CVE-2014-8150

    Andrey Labunets of Facebook discovered that cURL, an URL transfer
    library, fails to properly handle URLs with embedded end-of-line
    characters. An attacker able to make an application using libcurl to
    access a specially crafted URL via an HTTP proxy could use this flaw to
    do additional requests in a way that was not intended, or insert
    additional request headers into the request.

    For the stable distribution (wheezy), this problem has been fixed in
    version 7.26.0-1+wheezy12.

    For the upcoming stable distribution (jessie), this problem will be
    fixed soon.

    For the unstable distribution (sid), this problem has been fixed in
    version 7.38.0-4.

    We recommend that you upgrade your curl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJUrtvYAAoJEAVMuPMTQ89Eav0P/i41/0iYAYeRWzAl0OT2K1PM m0trJB+hj921OUbXXJ5BeYxVesb51VRh8OKDA/8XRFO4yTG9NaFAbnrz8MQm3RKL 9caUUI9l/kuXguCZFSgx7AzoDjg4yFbv7pXT9fI2IJ0zqldjnEfH8GWT29VvH8G7 yc/7STjYAyxjbC4/bCl4ZD7uZ1hgJrFKBi4byBS/iHr+148yG4uKyPgDM+ne2EYD RPid3B0NFq00ShdgoZC/hoe/OoJCrePxs8rbha+wIfWejrkkE09d4GT+6cPyAB9G 2fKv2YvPOSji/qAnbDE8XvfOz1L/9HMotxaxfjTbQP4U2XltsOjFJh8kcHy4A8N9 DgX0sq2/3yBNwF/8NKEbzWA/189FcpBom8z2U5kXj/3WOJm2WcnDxeu/77V2s7sO +Eee1pDb8VacLVJp5PF/Sy/gMq/dKgenM8csBjA8epcxoK9j8/rDoUPSv0gwiEu/ eR1zupll/++dNb46mNmWIiopZDbkgk8qYRrDFAbff4OeoEgIbtSnheQskLcm8pFd tp/DnB/wSgDpYS05sHBjHPtGMdXMKq7zDZFV0VWYlzVzObQ5i8LwABZJMauMrPW9 gGPXKAUZo7ZI8D5QeFmJZ0MwYx0q9Wgx4kLoM3iFO2ZtW98lYks1135kxrQLiCGi 2Br/qdf5gNsFbo5i3Yow
    =T7UY
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)