[Security-Discuss] Re: [Security Announce] MDKSA-2005:048 - Updated curl packages fix vulnerability
From: Evert Daman (e_daman yahoo.com)
Date: Sat Mar 05 2005 - 06:22:56 CST
This does not affect Corporate 2.1?
kind regards,
Evert
--- Mandrakelinux Security Team <security linux-mandrake.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandrakelinux Security Update Advisory
>
> _______________________________________________________________________
>
> Package name: curl
> Advisory ID: MDKSA-2005:048
> Date: March 4th, 2005
>
> Affected versions: 10.0, 10.1, Corporate 3.0
>
> ______________________________________________________________________
>
> Problem Description:
>
> "infamous41md" discovered a buffer overflow vulnerability in
> libcurl's NTLM authorization base64 decoding. This could allow a
> remote attacker using a prepared remote server to execute arbitrary
> code as the user running curl.
>
> The updated packages are patched to deal with these issues.
>
> _______________________________________________________________________
>
> References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
>
> ______________________________________________________________________
>
> Updated Packages:
>
>
> _______________________________________________________________________
>
> To upgrade automatically use MandrakeUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandrakesoft for security. You can obtain
> the GPG public key of the Mandrakelinux Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandrakelinux at:
>
> http://www.mandrakesoft.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
> security_linux-mandrake.com
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
> <security linux-mandrake.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
>
iD8DBQFCKNCzmqjQ0CJFipgRAt78AJsFipRsaya7hvNRZJuqqzzfHfuTmACcCk3C
> W4mpZ0eoGSJzmPqDh+b9YfE=
> =OWdi
> -----END PGP SIGNATURE-----
>
> ____________________________________________________
> Want to buy your Pack or Services from MandrakeSoft?
>
> Go to http://www.mandrakestore.com
> Join the Club : http://www.mandrakeclub.com
> ____________________________________________________
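The bug class named in the quoted advisory, base64-decoding server-supplied data into a fixed-size buffer, is avoided by computing the decoded length and comparing it with the destination capacity before any byte is stored. The following is an added example, not libcurl's code or the Mandrakesoft patch; the function names, buffer sizes and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 `in` into `out` (capacity `cap`). Returns bytes written,
 * or -1 if the input is malformed or the result would not fit. The size
 * check runs before any byte is stored, so `out` is never overrun. */
long b64_decode_bounded(const char *in, unsigned char *out, size_t cap)
{
    size_t len = strlen(in), pad = 0, need, i, k, o = 0;
    if (len == 0 || len % 4 != 0) return -1;
    if (in[len - 1] == '=') pad++;
    if (in[len - 2] == '=') pad++;
    need = len / 4 * 3 - pad;
    if (need > cap) return -1;   /* reject instead of overflowing */
    for (i = 0; i < len; i += 4) {
        unsigned long t = 0;
        for (k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            int v = b64_val(c);
            /* '=' is legal only in the trailing pad positions */
            if (c == '=' && i + k >= len - pad) v = 0;
            if (v < 0) return -1;
            t = (t << 6) | (unsigned long)v;
        }
        if (o < need) out[o++] = (unsigned char)(t >> 16);
        if (o < need) out[o++] = (unsigned char)(t >> 8);
        if (o < need) out[o++] = (unsigned char)t;
    }
    return (long)o;
}

int main(void)
{
    unsigned char buf[8];
    /* Constructed sample: base64 of the 8-byte NTLM signature "NTLMSSP\0". */
    const char *msg = "TlRMTVNTUAA=";
    printf("fits in 8: %ld\n", b64_decode_bounded(msg, buf, sizeof buf));
    printf("fits in 4: %ld\n", b64_decode_bounded(msg, buf, 4));
    return 0;
}
```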