From Mageia wiki
Revision as of 21:58, 17 April 2013 by Tmb (talk | contribs) (Created page with "== MGASA-2013-0121 == {| |'''Date:''' |April 18th, 2013 |- |'''Affected releases:''' |2 |- |'''Media:''' |Core |} '''Description:'''<br/> Updated curl packages fix security vu...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

MGASA-2013-0121

Date: April 18th, 2013
Affected releases: 2
Media: Core


Description:
Updated curl packages fix security vulnerability:

libcurl is vulnerable to a cookie leak vulnerability when doing requests
across domains with matching tails. This vulnerability can be used to
hijack sessions in targetted attacks since registering domains using a
known domain's name as an ending is trivial (CVE-2013-1944).


Updated Packages:
i586:
curl-7.24.0-1.1.mga2.i586.rpm
curl-examples-7.24.0-1.1.mga2.i586.rpm
libcurl4-7.24.0-1.1.mga2.i586.rpm
libcurl-devel-7.24.0-1.1.mga2.i586.rpm
curl-debug-7.24.0-1.1.mga2.i586.rpm

x86_64:
curl-7.24.0-1.1.mga2.x86_64.rpm
curl-examples-7.24.0-1.1.mga2.x86_64.rpm
lib64curl4-7.24.0-1.1.mga2.x86_64.rpm
lib64curl-devel-7.24.0-1.1.mga2.x86_64.rpm
curl-debug-7.24.0-1.1.mga2.x86_64.rpm

SRPMS:
curl-7.24.0-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://curl.haxx.se/docs/adv_20130412.html
https://bugs.mageia.org/show_bug.cgi?id=9713

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2013-0121&oldid=16212"