MGASA-2013-0121
Date: April 18th, 2013
Affected releases: 2
Media: Core
Description:
Updated curl packages fix a security vulnerability:
libcurl is vulnerable to a cookie leak when doing requests
across domains with matching tails. This vulnerability can be used to
hijack sessions in targeted attacks, since registering a domain whose
name ends with a known domain's name is trivial (CVE-2013-1944).
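The tail-matching flaw described above, as an added illustration that is not libcurl's source and not part of the original advisory: a plain suffix comparison beside a comparison that also requires a label boundary. The function names and the `.test` host names are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive check that the last xlen bytes of s equal suffix. */
static int ends_with_nocase(const char *s, size_t slen,
                            const char *suffix, size_t xlen)
{
    if (xlen > slen)
        return 0;
    s += slen - xlen;
    for (size_t i = 0; i < xlen; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* Flawed: accepts any host that merely ends with the cookie domain. */
static int tail_match_naive(const char *cookie_domain, const char *host)
{
    return ends_with_nocase(host, strlen(host),
                            cookie_domain, strlen(cookie_domain));
}

/* Hardened: exact host, or the suffix must start right after a '.'. */
static int domain_match_strict(const char *cookie_domain, const char *host)
{
    if (*cookie_domain == '.')
        cookie_domain++;                 /* leading dot is not significant */
    size_t dlen = strlen(cookie_domain), hlen = strlen(host);
    if (dlen == 0 || !ends_with_nocase(host, hlen, cookie_domain, dlen))
        return 0;
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed sample hosts; the cookie was set for example.test. */
    const char *hosts[] = { "example.test", "www.example.test",
                            "evilexample.test" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s naive=%d strict=%d\n", hosts[i],
               tail_match_naive("example.test", hosts[i]),
               domain_match_strict("example.test", hosts[i]));
    return 0;
}
```

Only the third host differs between the two checks: the plain suffix comparison would send the cookie to it, the boundary-aware one would not.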
Updated Packages:
i586:
curl-7.24.0-1.1.mga2.i586.rpm
curl-examples-7.24.0-1.1.mga2.i586.rpm
libcurl4-7.24.0-1.1.mga2.i586.rpm
libcurl-devel-7.24.0-1.1.mga2.i586.rpm
curl-debug-7.24.0-1.1.mga2.i586.rpm
x86_64:
curl-7.24.0-1.1.mga2.x86_64.rpm
curl-examples-7.24.0-1.1.mga2.x86_64.rpm
lib64curl4-7.24.0-1.1.mga2.x86_64.rpm
lib64curl-devel-7.24.0-1.1.mga2.x86_64.rpm
curl-debug-7.24.0-1.1.mga2.x86_64.rpm
SRPMS:
curl-7.24.0-1.1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://curl.haxx.se/docs/adv_20130412.html
https://bugs.mageia.org/show_bug.cgi?id=9713