Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: curl on SL5.x, SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Thursday 25th April 2013 13:22:12 UTC (over 3 years ago)
Synopsis:          Moderate: curl security update
Advisory ID:       SLSA-2013:0771-1
Issue Date:        2013-04-24
CVE Numbers:       CVE-2013-1944
--

A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against libcurl
sending the wrong cookie if only part of the domain name matched the
domain associated with the cookie, disclosing the cookie to unrelated
hosts. (CVE-2013-1944)

All running applications using libcurl must be restarted for the update to
take effect.
--

SL5
  x86_64
    curl-7.15.5-16.el5_9.i386.rpm
    curl-7.15.5-16.el5_9.x86_64.rpm
    curl-debuginfo-7.15.5-16.el5_9.i386.rpm
    curl-debuginfo-7.15.5-16.el5_9.x86_64.rpm
    curl-devel-7.15.5-16.el5_9.i386.rpm
    curl-devel-7.15.5-16.el5_9.x86_64.rpm
  i386
    curl-7.15.5-16.el5_9.i386.rpm
    curl-debuginfo-7.15.5-16.el5_9.i386.rpm
    curl-devel-7.15.5-16.el5_9.i386.rpm
SL6
  x86_64
    curl-7.19.7-36.el6_4.x86_64.rpm
    curl-debuginfo-7.19.7-36.el6_4.i686.rpm
    curl-debuginfo-7.19.7-36.el6_4.x86_64.rpm
    libcurl-7.19.7-36.el6_4.i686.rpm
    libcurl-7.19.7-36.el6_4.x86_64.rpm
    libcurl-devel-7.19.7-36.el6_4.i686.rpm
    libcurl-devel-7.19.7-36.el6_4.x86_64.rpm
  i386
    curl-7.19.7-36.el6_4.i686.rpm
    curl-debuginfo-7.19.7-36.el6_4.i686.rpm
    libcurl-7.19.7-36.el6_4.i686.rpm
    libcurl-devel-7.19.7-36.el6_4.i686.rpm

For dependency resolution the following packages were added to SL6
  x86_64
    libssh2-1.4.2-1.el6.i686.rpm
    libssh2-1.4.2-1.el6.x86_64.rpm
    libssh2-devel-1.4.2-1.el6.i686.rpm
    libssh2-devel-1.4.2-1.el6.x86_64.rpm
    libssh2-docs-1.4.2-1.el6.x86_64.rpm
  i386
    libssh2-1.4.2-1.el6.i686.rpm
    libssh2-devel-1.4.2-1.el6.i686.rpm
    libssh2-docs-1.4.2-1.el6.i686.rpm

- Scientific Linux Development Team
 
CD: 3ms