User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0121 (curl)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0121: curl-7.24.0-1.1.mga2 (2/core)
Date:  Thu, 18 Apr 2013 00:30:39 +0200
Message-ID:  <20130417223038.GA30344@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2013-0121 Date: April 18th, 2013 Affected releases: 2 Media: Core Description: Updated curl packages fix security vulnerability: libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targetted attacks since registering domains using a known domain's name as an ending is trivial (CVE-2013-1944). Updated Packages: i586: curl-7.24.0-1.1.mga2.i586.rpm curl-examples-7.24.0-1.1.mga2.i586.rpm libcurl4-7.24.0-1.1.mga2.i586.rpm libcurl-devel-7.24.0-1.1.mga2.i586.rpm curl-debug-7.24.0-1.1.mga2.i586.rpm x86_64: curl-7.24.0-1.1.mga2.x86_64.rpm curl-examples-7.24.0-1.1.mga2.x86_64.rpm lib64curl4-7.24.0-1.1.mga2.x86_64.rpm lib64curl-devel-7.24.0-1.1.mga2.x86_64.rpm curl-debug-7.24.0-1.1.mga2.x86_64.rpm SRPMS: curl-7.24.0-1.1.mga2.src.rpm References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944 http://curl.haxx.se/docs/adv_20130412.html https://bugs.mageia.org/show_bug.cgi?id=9713 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds