
Security Advisory: curl security update

Advisory: RHSA-2005:807-6
Type: Security Advisory
Severity: Moderate
Issued on: 2005-11-02
Last updated on: 2005-11-02
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-3185

Details

Updated curl packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.

A stack-based buffer overflow bug was found in cURL's NTLM authentication
module. It is possible to execute arbitrary code on a user's machine if
the user can be tricked into connecting to a malicious web server using
NTLM authentication. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3185 to this issue.

All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
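
To confirm after the update that a host carries the fixed builds listed under "Updated packages", the following added example (not part of the original advisory or of Red Hat's tooling) classifies output of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' curl curl-devel`. The comparison is a simplified form of RPM's version ordering (no epoch or tilde handling), and the sample input is constructed.

```python
import re

# Fixed builds named in this advisory's package list, keyed by dist tag.
FIXED = {"rhel3": ("7.10.6", "7.rhel3"), "rhel4": ("7.12.1", "6.rhel4")}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment: -1, 0 or 1."""
    sa = re.findall(r"\d+|[a-zA-Z]+", a)
    sb = re.findall(r"\d+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def is_patched(version, release):
    """True or False for rhel3/rhel4 builds; None if the advisory does not cover the build."""
    tag = re.search(r"rhel[34]", release)
    if tag is None:
        return None
    fixed_version, fixed_release = FIXED[tag.group()]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

def audit(rpm_output):
    """Classify each 'NAME VERSION RELEASE' line of rpm query output."""
    labels = {True: "patched", False: "VULNERABLE", None: "not covered"}
    rows = []
    for line in rpm_output.strip().splitlines():
        name, version, release = line.split()
        rows.append((name, f"{version}-{release}", labels[is_patched(version, release)]))
    return rows

# Constructed sample query output; only the fixed builds come from the advisory.
SAMPLE = """
curl 7.10.6 6.rhel3
curl-devel 7.10.6 7.rhel3
curl 7.12.1 5.rhel4
curl 7.12.1 11.rhel4
curl 7.15.5 2.el5
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

The `11.rhel4` row is the case a plain string comparison gets wrong, since "11" sorts before "6" lexically.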

Updated packages

Red Hat Desktop (v. 3)

IA-32:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-devel-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 70ad959c7f566c2145d6024845d3a78f
 
x86_64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 8646b2ff68f5f1ee2cc1ff5da875e7c7
curl-devel-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 65db40cfdfc676fd1a12c0b6bfae699a
 
Red Hat Desktop (v. 4)

SRPMS:
curl-7.12.1-6.rhel4.src.rpm
File outdated by:  RHSA-2011:0918
    MD5: 354e2083a66997cc4f868b08f049798e
 
IA-32:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-devel-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 0bab280280fa3770e00b88cf34dab80e
 
x86_64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: dc308198a4f9c9e5477911096a5e65de
curl-devel-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 6cc5d58957f9ddb9fef20c6201fe4e33
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-devel-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 70ad959c7f566c2145d6024845d3a78f
 
IA-64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 199d6a6f2e21733a86ed346b2cbe089f
curl-devel-7.10.6-7.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 0b95f082281ae4d9d460281b39b46aa0
 
PPC:
curl-7.10.6-7.rhel3.ppc.rpm
File outdated by:  RHSA-2010:0329
    MD5: 77a1836af930e5326110ee8690317901
curl-7.10.6-7.rhel3.ppc64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 908d24e3cbc7d08036d43733d7ae2022
curl-devel-7.10.6-7.rhel3.ppc.rpm
File outdated by:  RHSA-2010:0329
    MD5: 0fc4b76591d36237efc18d58bb1566ec
 
s390:
curl-7.10.6-7.rhel3.s390.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7ade82b95dae4bc22e4030731ffbc641
curl-devel-7.10.6-7.rhel3.s390.rpm
File outdated by:  RHSA-2010:0329
    MD5: 1ceb1c3662fb96ea90ebda1c46df2706
 
s390x:
curl-7.10.6-7.rhel3.s390.rpm
File outdated by:  RHSA-2010:0329
    MD5: 7ade82b95dae4bc22e4030731ffbc641
curl-7.10.6-7.rhel3.s390x.rpm
File outdated by:  RHSA-2010:0329
    MD5: b246e88f93093cb48eb1a86a8b80fe71
curl-devel-7.10.6-7.rhel3.s390x.rpm
File outdated by:  RHSA-2010:0329
    MD5: aa34b35194bba528ed3b2c066b709508
 
x86_64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 8646b2ff68f5f1ee2cc1ff5da875e7c7
curl-devel-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 65db40cfdfc676fd1a12c0b6bfae699a
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
curl-7.12.1-6.rhel4.src.rpm
File outdated by:  RHSA-2011:0918
    MD5: 354e2083a66997cc4f868b08f049798e
 
IA-32:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-devel-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 0bab280280fa3770e00b88cf34dab80e
 
IA-64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 07c388d071c757bbc7333538f3258ea3
curl-devel-7.12.1-6.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1009a4b23eccdf737d123cd073000d57
 
PPC:
curl-7.12.1-6.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0918
    MD5: bbb86cd7e5976de2a7784c32db0e4233
curl-7.12.1-6.rhel4.ppc64.rpm
File outdated by:  RHSA-2011:0918
    MD5: f12164cdc06758194f8c5c7893a63836
curl-devel-7.12.1-6.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0918
    MD5: e410212395e7af4797aae342bdf1a590
 
s390:
curl-7.12.1-6.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: cc8e0c6478a8af638c61e406ddafbaaa
curl-devel-7.12.1-6.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: 61b6e8d9e57dcf391b202bb81db6955b
 
s390x:
curl-7.12.1-6.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: cc8e0c6478a8af638c61e406ddafbaaa
curl-7.12.1-6.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0918
    MD5: 5c79c8a8422d02e326f9b3654fd6805c
curl-devel-7.12.1-6.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0918
    MD5: e5c6bb0ff192c70f77557235b9791c96
 
x86_64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: dc308198a4f9c9e5477911096a5e65de
curl-devel-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 6cc5d58957f9ddb9fef20c6201fe4e33
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-devel-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 70ad959c7f566c2145d6024845d3a78f
 
IA-64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 199d6a6f2e21733a86ed346b2cbe089f
curl-devel-7.10.6-7.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 0b95f082281ae4d9d460281b39b46aa0
 
x86_64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 8646b2ff68f5f1ee2cc1ff5da875e7c7
curl-devel-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 65db40cfdfc676fd1a12c0b6bfae699a
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
curl-7.12.1-6.rhel4.src.rpm
File outdated by:  RHSA-2011:0918
    MD5: 354e2083a66997cc4f868b08f049798e
 
IA-32:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-devel-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 0bab280280fa3770e00b88cf34dab80e
 
IA-64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 07c388d071c757bbc7333538f3258ea3
curl-devel-7.12.1-6.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1009a4b23eccdf737d123cd073000d57
 
x86_64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: dc308198a4f9c9e5477911096a5e65de
curl-devel-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 6cc5d58957f9ddb9fef20c6201fe4e33
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-devel-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: 70ad959c7f566c2145d6024845d3a78f
 
IA-64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 199d6a6f2e21733a86ed346b2cbe089f
curl-devel-7.10.6-7.rhel3.ia64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 0b95f082281ae4d9d460281b39b46aa0
 
x86_64:
curl-7.10.6-7.rhel3.i386.rpm
File outdated by:  RHSA-2010:0329
    MD5: ecfce4eee3ede7414af9419bb857a663
curl-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 8646b2ff68f5f1ee2cc1ff5da875e7c7
curl-devel-7.10.6-7.rhel3.x86_64.rpm
File outdated by:  RHSA-2010:0329
    MD5: 65db40cfdfc676fd1a12c0b6bfae699a
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
curl-7.12.1-6.rhel4.src.rpm
File outdated by:  RHSA-2011:0918
    MD5: 354e2083a66997cc4f868b08f049798e
 
IA-32:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-devel-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 0bab280280fa3770e00b88cf34dab80e
 
IA-64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 07c388d071c757bbc7333538f3258ea3
curl-devel-7.12.1-6.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1009a4b23eccdf737d123cd073000d57
 
x86_64:
curl-7.12.1-6.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 7932c8695503fdf03165952b4c5ded91
curl-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: dc308198a4f9c9e5477911096a5e65de
curl-devel-7.12.1-6.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 6cc5d58957f9ddb9fef20c6201fe4e33
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

170678 - CAN-2005-3185 NTLM buffer overflow



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/