Security: Execution of arbitrary commands in curl
Name: Execution of arbitrary commands in curl
ID: FEDORA-2012-0888
Distribution: Fedora
Platforms: Fedora 15
Date: Sun, 12 February 2012, 13:55
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0036
Applications: curl

Original message

Name        : curl
Product     : Fedora 15
Version     : 7.21.3
Release     : 13.fc15
URL         : http://curl.haxx.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

reject URLs containing bad data (CVE-2012-0036)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 24 2012 Kamil Dudka <kdudka@redhat.com> 7.21.3-13
- reject URLs containing bad data (CVE-2012-0036)
* Mon Sep 19 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-12
- curl-config now provides dummy --static-libs option (#733956)
- break busy loops in tests 502, 555, and 573
* Sun Aug 21 2011 Paul Howarth <paul@city-fan.org> 7.21.3-11
- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
* Tue Aug 16 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-10
- fix SIGSEGV of curl -O -J given more than one URL (#723075)
- introduce the --delegation option of curl (#730444)
- initialize NSS with no database if the selected database is broken (#728562)
* Wed Aug 3 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-9
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
* Thu Jun 23 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-8
- do not delegate GSSAPI credentials (CVE-2011-2192)
* Wed Jun 8 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-7
- avoid an invalid timeout event on a reused handle (#679709)
- sync the NSS code with upstream f551aa5 (several bug fixes)
- sync the code of curl-multi with upstream f551aa5 (several bug fixes)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #773457 - CVE-2012-0036 curl: URL sanitization vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=773457
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update curl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce