Mandriva 1274 Published by

Updated curl packages are available for Mandrakelinux

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: curl
Advisory ID: MDKSA-2005:048
Date: March 4th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

"infamous41md" discovered a buffer overflow vulnerability in libcurl's NTLM authorization base64 decoding. This could allow a remote attacker using a prepared remote server to execute arbitrary code as the user running curl.

The updated packages are patched to deal with these issues.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
5e359e1440af3150fff501af3337f8f6 10.0/RPMS/curl-7.11.0-2.1.100mdk.i586.rpm
ed2893b0a0cd269175cc8e27c2d04a06 10.0/RPMS/libcurl2-7.11.0-2.1.100mdk.i586.rpm
34d0da12d64d6f27d17fb0dd46676870 10.0/RPMS/libcurl2-devel-7.11.0-2.1.100mdk.i586.rpm
53b2ac18baa15810a7f0321d24bbdea8 10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0386f15dd07dffdafcc74c8957a4dc00 amd64/10.0/RPMS/curl-7.11.0-2.1.100mdk.amd64.rpm
cb3ac9ad77a6e68e9f6d7bcdb8776bee amd64/10.0/RPMS/lib64curl2-7.11.0-2.1.100mdk.amd64.rpm
b5118a34cf3436c68ba3c0081a2681af amd64/10.0/RPMS/lib64curl2-devel-7.11.0-2.1.100mdk.amd64.rpm
53b2ac18baa15810a7f0321d24bbdea8 amd64/10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
a9a5c3b2af793fbfdc4f897a01788f27 10.1/RPMS/curl-7.12.1-1.1.101mdk.i586.rpm
caad27287f1db33094ac2171e6cfa860 10.1/RPMS/libcurl3-7.12.1-1.1.101mdk.i586.rpm
61bea15f364b11ba85ee708b48f8fe6a 10.1/RPMS/libcurl3-devel-7.12.1-1.1.101mdk.i586.rpm
e140c850303eb14c12b318538f2266ce 10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
9cc7757d89a688c3464f1f95a260d0eb x86_64/10.1/RPMS/curl-7.12.1-1.1.101mdk.x86_64.rpm
37ad8e8e677c36655b36be00d0243201 x86_64/10.1/RPMS/lib64curl3-7.12.1-1.1.101mdk.x86_64.rpm
1328bfd561b123d7c49fc68345910c24 x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.1.101mdk.x86_64.rpm
e140c850303eb14c12b318538f2266ce x86_64/10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm

Corporate 3.0:
f99dfd0c67f16bbe2e57869c3c3ca7ea corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.i586.rpm
07547b2c4a4dc7051db43fd968af591d corporate/3.0/RPMS/libcurl2-7.11.0-2.1.C30mdk.i586.rpm
695e859f8cc2ec503188722b606854d4 corporate/3.0/RPMS/libcurl2-devel-7.11.0-2.1.C30mdk.i586.rpm
8766893d25c2fccefa90d32f9da6500e corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
7ed8e6b6e1611c97c02b357482694a3c x86_64/corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.x86_64.rpm
ff8bd600e1229333e14d25f9323a462d x86_64/corporate/3.0/RPMS/lib64curl2-7.11.0-2.1.C30mdk.x86_64.rpm
4c01c4a92bfeca71b818b723fd4752f4 x86_64/corporate/3.0/RPMS/lib64curl2-devel-7.11.0-2.1.C30mdk.x86_64.rpm
8766893d25c2fccefa90d32f9da6500e x86_64/corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com