
Security Advisory: curl security update

Advisory: RHSA-2005:340-09
Type: Security Advisory
Severity: Low
Issued on: 2005-04-05
Last updated on: 2005-04-05
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0490

Details

Updated curl packages are now available.

This update has been rated as having low security impact by the
Red Hat Security Response Team.

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity.

Multiple buffer overflow bugs were found in the way curl processes base64
encoded replies. If a victim can be tricked into visiting a URL with curl,
a malicious web server could execute arbitrary code on a victim's machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0490 to this issue.

All users of curl are advised to upgrade to these updated
packages, which contain backported fixes for these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
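
To confirm a host already carries the update, compare the installed package name against the builds listed under "Updated packages" below. The script is an added example, not part of the Red Hat advisory; the function names are hypothetical, and it assumes the release field has the form N.rhelX seen in this advisory's filenames.

```shell
#!/bin/sh
# Builds that carry the fix, copied from this advisory's package list,
# keyed by the stream tag in the RPM release field: "<version> <release>".
fixed_build() {
    case "$1" in
        rhel2) echo "7.8 2" ;;
        rhel3) echo "7.10.6 6" ;;
        rhel4) echo "7.12.1 5" ;;
        *) return 1 ;;
    esac
}

# Compare two dotted numeric versions field by field; prints -1, 0 or 1.
ver_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# Prints patched, needs-update or unknown for one `rpm -q` style name.
curl_fix_status() {
    nvr=${1#curl-}; nvr=${nvr#devel-}        # accept curl and curl-devel
    ver=${nvr%%-*}; rel=${nvr#*-}
    relnum=${rel%%.*}
    stream=${rel#*.}; stream=${stream%%.*}   # drops a trailing .arch
    case "$ver" in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    case "$relnum" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    fixed=$(fixed_build "$stream") || { echo unknown; return 0; }
    fver=${fixed% *}; frel=${fixed#* }
    cmp=$(ver_cmp "$ver" "$fver")
    if [ "$cmp" = 1 ] || { [ "$cmp" = 0 ] && [ "$relnum" -ge "$frel" ]; }; then
        echo patched
    else
        echo needs-update
    fi
}

# On a live system: sh thisfile "$(rpm -q curl)"
if [ $# -gt 0 ]; then curl_fix_status "$1"; fi
```

"patched" means the package is at or above the build named in this advisory for its stream; "unknown" means the release tag is not one of the three streams listed here.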

Updated packages

Red Hat Desktop (v. 3)

IA-32:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-devel-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 9453794eeb8ba1fb4045c97e3897f6ca
 
x86_64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 29883744a5b03a9e6d1bf16c58308c7d
curl-devel-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7c0e8f9949d0626b5f13268bb9536e3b
 
Red Hat Desktop (v. 4)

IA-32:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-devel-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1cca59cf58f7c0a5245bd2a306cec271
 
x86_64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a55f05188ef582939a8fdd2a997dc565
curl-devel-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 65c270bd5963ee9d6cdb9cd94e3feaaf
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
curl-7.8-2.rhel2.i386.rpm
File outdated by:  RHSA-2009:0341
    MD5: 096b2965d9822a8edea1e8aa49fba477
curl-devel-7.8-2.rhel2.i386.rpm
File outdated by:  RHSA-2009:0341
    MD5: 9824fe2e443e772c34eec07fbdb127a7
 
IA-64:
curl-7.8-2.rhel2.ia64.rpm
File outdated by:  RHSA-2009:0341
    MD5: 23adf904c13b4cc37f9f898d2d240958
curl-devel-7.8-2.rhel2.ia64.rpm
File outdated by:  RHSA-2009:0341
    MD5: 37fce3f0b3395c2b0bee41247318df88
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-devel-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 9453794eeb8ba1fb4045c97e3897f6ca
 
IA-64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 193170b18b6c9cb42515a89bd9460208
curl-devel-7.10.6-6.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: b8cffb950d5dea79ad192a7e35728488
 
PPC:
curl-7.10.6-6.rhel3.ppc.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7245756e4749990e335f88b0083b4469
curl-7.10.6-6.rhel3.ppc64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 78378822aac78cd441501b8871473ea9
curl-devel-7.10.6-6.rhel3.ppc.rpm
File outdated by:  RHSA-2010:0329
    MD5: 10b9c46cd7935ebd7c066e576d38d304
 
s390:
curl-7.10.6-6.rhel3.s390.rpm
File outdated by:  RHSA-2010:0329
    MD5: d3d31e789a24ff4c0383a85533cdf6a2
curl-devel-7.10.6-6.rhel3.s390.rpm
File outdated by:  RHSA-2010:0329
    MD5: 8f56662ea2f5a6bc9d2083a836a3f824
 
s390x:
curl-7.10.6-6.rhel3.s390.rpm
File outdated by:  RHSA-2010:0329
    MD5: d3d31e789a24ff4c0383a85533cdf6a2
curl-7.10.6-6.rhel3.s390x.rpm
File outdated by:  RHSA-2010:0329
    MD5: a8fdfd39dcf99227543c70c59a588ff5
curl-devel-7.10.6-6.rhel3.s390x.rpm
File outdated by:  RHSA-2010:0329
    MD5: cfd5a0fc6c7df9f90bfb17fa722fddd1
 
x86_64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 29883744a5b03a9e6d1bf16c58308c7d
curl-devel-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7c0e8f9949d0626b5f13268bb9536e3b
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-devel-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1cca59cf58f7c0a5245bd2a306cec271
 
IA-64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a716b5b8c8f43e476113ea14eed4a59b
curl-devel-7.12.1-5.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 2e2e26b46632d40e195c381d4a91a1b4
 
PPC:
curl-7.12.1-5.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0918
    MD5: 91f0436e3aa665f40bc670c747b7a259
curl-7.12.1-5.rhel4.ppc64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 2bea0e8a02ec121e316d763624a3852d
curl-devel-7.12.1-5.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4eea6d0f1bedc2af413ec6f33ff4522f
 
s390:
curl-7.12.1-5.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: c1028ff30d6279cedfd9364fe990378d
curl-devel-7.12.1-5.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: 55b1e2db2294f429b8ad912192406efe
 
s390x:
curl-7.12.1-5.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: c1028ff30d6279cedfd9364fe990378d
curl-7.12.1-5.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0918
    MD5: 783c3c7749345e6f92e92a99082c8bfa
curl-devel-7.12.1-5.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7a5dd057cbf88771c76a705a6e64b2b0
 
x86_64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a55f05188ef582939a8fdd2a997dc565
curl-devel-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 65c270bd5963ee9d6cdb9cd94e3feaaf
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
curl-7.8-2.rhel2.i386.rpm
File outdated by:  RHSA-2009:0341
    MD5: 096b2965d9822a8edea1e8aa49fba477
curl-devel-7.8-2.rhel2.i386.rpm
File outdated by:  RHSA-2009:0341
    MD5: 9824fe2e443e772c34eec07fbdb127a7
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-devel-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 9453794eeb8ba1fb4045c97e3897f6ca
 
IA-64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 193170b18b6c9cb42515a89bd9460208
curl-devel-7.10.6-6.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: b8cffb950d5dea79ad192a7e35728488
 
x86_64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 29883744a5b03a9e6d1bf16c58308c7d
curl-devel-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7c0e8f9949d0626b5f13268bb9536e3b
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-devel-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1cca59cf58f7c0a5245bd2a306cec271
 
IA-64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a716b5b8c8f43e476113ea14eed4a59b
curl-devel-7.12.1-5.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 2e2e26b46632d40e195c381d4a91a1b4
 
x86_64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a55f05188ef582939a8fdd2a997dc565
curl-devel-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 65c270bd5963ee9d6cdb9cd94e3feaaf
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
curl-7.8-2.rhel2.i386.rpm
File outdated by:  RHSA-2009:0341
    MD5: 096b2965d9822a8edea1e8aa49fba477
curl-devel-7.8-2.rhel2.i386.rpm
File outdated by:  RHSA-2009:0341
    MD5: 9824fe2e443e772c34eec07fbdb127a7
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-devel-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 9453794eeb8ba1fb4045c97e3897f6ca
 
IA-64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 193170b18b6c9cb42515a89bd9460208
curl-devel-7.10.6-6.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: b8cffb950d5dea79ad192a7e35728488
 
x86_64:
curl-7.10.6-6.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 336975664cc531c695a248f1ed08cab1
curl-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 29883744a5b03a9e6d1bf16c58308c7d
curl-devel-7.10.6-6.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7c0e8f9949d0626b5f13268bb9536e3b
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-devel-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1cca59cf58f7c0a5245bd2a306cec271
 
IA-64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a716b5b8c8f43e476113ea14eed4a59b
curl-devel-7.12.1-5.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 2e2e26b46632d40e195c381d4a91a1b4
 
x86_64:
curl-7.12.1-5.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 4a8cad6a78491d56b7bd5ede38aef2c4
curl-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: a55f05188ef582939a8fdd2a997dc565
curl-devel-7.12.1-5.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 65c270bd5963ee9d6cdb9cd94e3feaaf
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
curl-7.8-2.rhel2.ia64.rpm
File outdated by:  RHSA-2009:0341
    MD5: 23adf904c13b4cc37f9f898d2d240958
curl-devel-7.8-2.rhel2.ia64.rpm
File outdated by:  RHSA-2009:0341
    MD5: 37fce3f0b3395c2b0bee41247318df88
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

149322 - CAN-2005-0490 Multiple stack based buffer overflows in curl


Keywords

curl, overflows


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/