-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2005:807-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-807.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3185
- ---------------------------------------------------------------------
1. Summary:
Updated curl packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols.
A stack-based buffer overflow bug was found in cURL's NTLM authentication module. It is possible to execute arbitrary code on a user's machine if the user can be tricked into connecting to a malicious web server using NTLM authentication. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3185 to this issue.
All users of curl are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
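To confirm afterwards that a host is at the fixed level, the following check is an added example and not part of the Red Hat advisory. It compares an installed curl version-release against the fixed builds listed in section 6; the function name curl_fix_status is hypothetical, and sort -V is used as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release per product stream, taken from section 6 of this advisory.
FIX_RHEL3="7.10.6-7.rhel3"
FIX_RHEL4="7.12.1-6.rhel4"

# curl_fix_status VERSION-RELEASE   (hypothetical helper, added example)
# Prints "fixed", "vulnerable" or "unknown" for a curl version-release string
# as reported by: rpm -q --qf '%{VERSION}-%{RELEASE}\n' curl
curl_fix_status() {
    installed=$1
    # Pick the baseline by release suffix; assumes the .rhel3/.rhel4 naming
    # used by the packages in this advisory.
    case $installed in
        *.rhel3) fixed=$FIX_RHEL3 ;;
        *.rhel4) fixed=$FIX_RHEL4 ;;
        *) echo unknown; return 0 ;;
    esac
    # sort -V orders version components numerically (so release 10 > 7).
    # If the fixed build sorts first or ties, the installed build is
    # at or above the fix.
    lowest=$(printf '%s\n%s\n' "$fixed" "$installed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# On an RPM-based host with curl installed, report every installed build.
# ia64 and x86_64 systems can carry the i386 package next to the native one,
# so more than one line may come back.
if command -v rpm >/dev/null 2>&1 && rpm -q curl >/dev/null 2>&1; then
    for vr in $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' curl); do
        echo "curl-$vr: $(curl_fix_status "$vr")"
    done
fi
```

A result of "unknown" means the release suffix does not belong to either product stream covered here, so this advisory's baselines do not apply to that build.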
5. Bug IDs fixed (http://bugzilla.redhat.com/):
170678 - CAN-2005-3185 NTLM buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm 1b0d0a36924e60bf0c6ef75974c04ca8 curl-7.10.6-7.rhel3.src.rpm
i386: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 70ad959c7f566c2145d6024845d3a78f curl-devel-7.10.6-7.rhel3.i386.rpm
ia64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 199d6a6f2e21733a86ed346b2cbe089f curl-7.10.6-7.rhel3.ia64.rpm 0b95f082281ae4d9d460281b39b46aa0 curl-devel-7.10.6-7.rhel3.ia64.rpm
ppc: 77a1836af930e5326110ee8690317901 curl-7.10.6-7.rhel3.ppc.rpm 908d24e3cbc7d08036d43733d7ae2022 curl-7.10.6-7.rhel3.ppc64.rpm 0fc4b76591d36237efc18d58bb1566ec curl-devel-7.10.6-7.rhel3.ppc.rpm
s390: 7ade82b95dae4bc22e4030731ffbc641 curl-7.10.6-7.rhel3.s390.rpm 1ceb1c3662fb96ea90ebda1c46df2706 curl-devel-7.10.6-7.rhel3.s390.rpm
s390x: 7ade82b95dae4bc22e4030731ffbc641 curl-7.10.6-7.rhel3.s390.rpm b246e88f93093cb48eb1a86a8b80fe71 curl-7.10.6-7.rhel3.s390x.rpm aa34b35194bba528ed3b2c066b709508 curl-devel-7.10.6-7.rhel3.s390x.rpm
x86_64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 8646b2ff68f5f1ee2cc1ff5da875e7c7 curl-7.10.6-7.rhel3.x86_64.rpm 65db40cfdfc676fd1a12c0b6bfae699a curl-devel-7.10.6-7.rhel3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: curl-7.10.6-7.rhel3.src.rpm 1b0d0a36924e60bf0c6ef75974c04ca8 curl-7.10.6-7.rhel3.src.rpm
i386: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 70ad959c7f566c2145d6024845d3a78f curl-devel-7.10.6-7.rhel3.i386.rpm
x86_64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 8646b2ff68f5f1ee2cc1ff5da875e7c7 curl-7.10.6-7.rhel3.x86_64.rpm 65db40cfdfc676fd1a12c0b6bfae699a curl-devel-7.10.6-7.rhel3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm 1b0d0a36924e60bf0c6ef75974c04ca8 curl-7.10.6-7.rhel3.src.rpm
i386: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 70ad959c7f566c2145d6024845d3a78f curl-devel-7.10.6-7.rhel3.i386.rpm
ia64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 199d6a6f2e21733a86ed346b2cbe089f curl-7.10.6-7.rhel3.ia64.rpm 0b95f082281ae4d9d460281b39b46aa0 curl-devel-7.10.6-7.rhel3.ia64.rpm
x86_64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 8646b2ff68f5f1ee2cc1ff5da875e7c7 curl-7.10.6-7.rhel3.x86_64.rpm 65db40cfdfc676fd1a12c0b6bfae699a curl-devel-7.10.6-7.rhel3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm 1b0d0a36924e60bf0c6ef75974c04ca8 curl-7.10.6-7.rhel3.src.rpm
i386: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 70ad959c7f566c2145d6024845d3a78f curl-devel-7.10.6-7.rhel3.i386.rpm
ia64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 199d6a6f2e21733a86ed346b2cbe089f curl-7.10.6-7.rhel3.ia64.rpm 0b95f082281ae4d9d460281b39b46aa0 curl-devel-7.10.6-7.rhel3.ia64.rpm
x86_64: ecfce4eee3ede7414af9419bb857a663 curl-7.10.6-7.rhel3.i386.rpm 8646b2ff68f5f1ee2cc1ff5da875e7c7 curl-7.10.6-7.rhel3.x86_64.rpm 65db40cfdfc676fd1a12c0b6bfae699a curl-devel-7.10.6-7.rhel3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm 354e2083a66997cc4f868b08f049798e curl-7.12.1-6.rhel4.src.rpm
i386: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 0bab280280fa3770e00b88cf34dab80e curl-devel-7.12.1-6.rhel4.i386.rpm
ia64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 07c388d071c757bbc7333538f3258ea3 curl-7.12.1-6.rhel4.ia64.rpm 1009a4b23eccdf737d123cd073000d57 curl-devel-7.12.1-6.rhel4.ia64.rpm
ppc: bbb86cd7e5976de2a7784c32db0e4233 curl-7.12.1-6.rhel4.ppc.rpm f12164cdc06758194f8c5c7893a63836 curl-7.12.1-6.rhel4.ppc64.rpm e410212395e7af4797aae342bdf1a590 curl-devel-7.12.1-6.rhel4.ppc.rpm
s390: cc8e0c6478a8af638c61e406ddafbaaa curl-7.12.1-6.rhel4.s390.rpm 61b6e8d9e57dcf391b202bb81db6955b curl-devel-7.12.1-6.rhel4.s390.rpm
s390x: cc8e0c6478a8af638c61e406ddafbaaa curl-7.12.1-6.rhel4.s390.rpm 5c79c8a8422d02e326f9b3654fd6805c curl-7.12.1-6.rhel4.s390x.rpm e5c6bb0ff192c70f77557235b9791c96 curl-devel-7.12.1-6.rhel4.s390x.rpm
x86_64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm dc308198a4f9c9e5477911096a5e65de curl-7.12.1-6.rhel4.x86_64.rpm 6cc5d58957f9ddb9fef20c6201fe4e33 curl-devel-7.12.1-6.rhel4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: curl-7.12.1-6.rhel4.src.rpm 354e2083a66997cc4f868b08f049798e curl-7.12.1-6.rhel4.src.rpm
i386: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 0bab280280fa3770e00b88cf34dab80e curl-devel-7.12.1-6.rhel4.i386.rpm
x86_64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm dc308198a4f9c9e5477911096a5e65de curl-7.12.1-6.rhel4.x86_64.rpm 6cc5d58957f9ddb9fef20c6201fe4e33 curl-devel-7.12.1-6.rhel4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm 354e2083a66997cc4f868b08f049798e curl-7.12.1-6.rhel4.src.rpm
i386: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 0bab280280fa3770e00b88cf34dab80e curl-devel-7.12.1-6.rhel4.i386.rpm
ia64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 07c388d071c757bbc7333538f3258ea3 curl-7.12.1-6.rhel4.ia64.rpm 1009a4b23eccdf737d123cd073000d57 curl-devel-7.12.1-6.rhel4.ia64.rpm
x86_64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm dc308198a4f9c9e5477911096a5e65de curl-7.12.1-6.rhel4.x86_64.rpm 6cc5d58957f9ddb9fef20c6201fe4e33 curl-devel-7.12.1-6.rhel4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm 354e2083a66997cc4f868b08f049798e curl-7.12.1-6.rhel4.src.rpm
i386: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 0bab280280fa3770e00b88cf34dab80e curl-devel-7.12.1-6.rhel4.i386.rpm
ia64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm 07c388d071c757bbc7333538f3258ea3 curl-7.12.1-6.rhel4.ia64.rpm 1009a4b23eccdf737d123cd073000d57 curl-devel-7.12.1-6.rhel4.ia64.rpm
x86_64: 7932c8695503fdf03165952b4c5ded91 curl-7.12.1-6.rhel4.i386.rpm dc308198a4f9c9e5477911096a5e65de curl-7.12.1-6.rhel4.x86_64.rpm 6cc5d58957f9ddb9fef20c6201fe4e33 curl-devel-7.12.1-6.rhel4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFDaL2zXlSAg2UNWIIRAijrAJ9+RCOmoT1snIc9dWW6n1F4T6w+wQCfR/bt J7pLvxJbZ2gb6IwmUvBDtRo= =aGua -----END PGP SIGNATURE-----