Security Advisory: curl security update

Advisory: RHSA-2005:875-4
Type: Security Advisory
Severity: Moderate
Issued on: 2005-12-20
Last updated on: 2005-12-20
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-4077

Details

Updated curl packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.

Stefan Esser discovered an off-by-one bug in curl. It may be possible to
execute arbitrary code on a user's machine if the user can be tricked into
executing curl with a carefully crafted URL. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-4077 to this issue.

All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
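
To confirm the update took effect across several hosts, installed curl builds can be compared against the fixed build in this advisory, 7.12.1-8.rhel4. The following is an added example, not part of the Red Hat advisory: it assumes an inventory of `host name version-release` lines (constructed here; such lines could be gathered with `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' curl curl-devel`), ignores epochs, and uses a simplified form of rpm's segment-wise version comparison.

```python
import re

# Fixed build named in this advisory's package list.
FIXED = "7.12.1-8.rhel4"
PACKAGES = {"curl", "curl-devel"}

# Constructed sample inventory: "<host> <name> <version>-<release>" per line.
SAMPLE = """\
web01 curl 7.12.1-5.rhel4
web01 curl-devel 7.12.1-5.rhel4
db01 curl 7.12.1-8.rhel4
build02 curl 7.12.1-11.el4
app03 openssl 0.9.7a-43.1
"""

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm (assumption: no ~ or ^)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 11 > 8, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare "version-release" strings; the epoch is assumed absent."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def hosts_needing_update(inventory, fixed=FIXED):
    """Return (host, package, version-release) entries older than the fix."""
    stale = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] not in PACKAGES:
            continue                          # skip other packages and bad lines
        host, name, vr = fields
        if vr_cmp(vr, fixed) < 0:
            stale.append((host, name, vr))
    return stale

if __name__ == "__main__":
    for host, name, vr in hosts_needing_update(SAMPLE):
        print(f"{host}: {name}-{vr} is older than {FIXED}; apply RHSA-2005:875")
```

A plain string comparison would wrongly rank release `11.el4` below `8.rhel4`, which is why the release is compared segment by segment.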

Updated packages

Red Hat Desktop (v. 4)

IA-32:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-devel-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 40e4373395a73d48813e5826302217ce
 
x86_64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: cac21a3c7f52b473547a7537a777c240
curl-devel-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 257b3566961c1e49ae9ab8b92cf9584b
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-devel-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 40e4373395a73d48813e5826302217ce
 
IA-64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: db6a1983890b2d4b9c087047703ffbfa
curl-devel-7.12.1-8.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: c1ee175858e2694554850a6074e05a78
 
PPC:
curl-7.12.1-8.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0918
    MD5: c102b9482bfea7ed549468cbd527643a
curl-7.12.1-8.rhel4.ppc64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 5dca0663e9cea384f6c4b07d2b2c819e
curl-devel-7.12.1-8.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0918
    MD5: 1d695a5ff574dfb7e04ad1f71eed6334
 
s390:
curl-7.12.1-8.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: 71d21e63880d3f4f620e5bb7c2aa7786
curl-devel-7.12.1-8.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: 95b81b8528ed3f77e72ba904b3438f6c
 
s390x:
curl-7.12.1-8.rhel4.s390.rpm
File outdated by:  RHSA-2011:0918
    MD5: 71d21e63880d3f4f620e5bb7c2aa7786
curl-7.12.1-8.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0918
    MD5: 2975ba72bc7b028a73cb8f34c4e02c7c
curl-devel-7.12.1-8.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0918
    MD5: e1f25c48b701ba616cf9cc8f340107f4
 
x86_64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: cac21a3c7f52b473547a7537a777c240
curl-devel-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 257b3566961c1e49ae9ab8b92cf9584b
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-devel-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 40e4373395a73d48813e5826302217ce
 
IA-64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: db6a1983890b2d4b9c087047703ffbfa
curl-devel-7.12.1-8.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: c1ee175858e2694554850a6074e05a78
 
x86_64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: cac21a3c7f52b473547a7537a777c240
curl-devel-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 257b3566961c1e49ae9ab8b92cf9584b
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-devel-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 40e4373395a73d48813e5826302217ce
 
IA-64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: db6a1983890b2d4b9c087047703ffbfa
curl-devel-7.12.1-8.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0918
    MD5: c1ee175858e2694554850a6074e05a78
 
x86_64:
curl-7.12.1-8.rhel4.i386.rpm
File outdated by:  RHSA-2011:0918
    MD5: 8eb8d6c18a0098a29c74762e3b5917b1
curl-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: cac21a3c7f52b473547a7537a777c240
curl-devel-7.12.1-8.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0918
    MD5: 257b3566961c1e49ae9ab8b92cf9584b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

175266 - CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/