From Mageia wiki
Jump to: navigation, search

MGASA-2013-0121

Date: April 18th, 2013
Affected releases: 2
Media: Core


Description:
Updated curl packages fix security vulnerability:

libcurl is vulnerable to a cookie leak vulnerability when doing requests
across domains with matching tails. This vulnerability can be used to
hijack sessions in targetted attacks since registering domains using a
known domain's name as an ending is trivial (CVE-2013-1944).


Updated Packages:
i586:
curl-7.24.0-1.1.mga2.i586.rpm
curl-examples-7.24.0-1.1.mga2.i586.rpm
libcurl4-7.24.0-1.1.mga2.i586.rpm
libcurl-devel-7.24.0-1.1.mga2.i586.rpm
curl-debug-7.24.0-1.1.mga2.i586.rpm

x86_64:
curl-7.24.0-1.1.mga2.x86_64.rpm
curl-examples-7.24.0-1.1.mga2.x86_64.rpm
lib64curl4-7.24.0-1.1.mga2.x86_64.rpm
lib64curl-devel-7.24.0-1.1.mga2.x86_64.rpm
curl-debug-7.24.0-1.1.mga2.x86_64.rpm

SRPMS:
curl-7.24.0-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://curl.haxx.se/docs/adv_20130412.html
https://bugs.mageia.org/show_bug.cgi?id=9713