Red Hat Product Errata RHSA-2005:340 - Security Advisory
Issued:
2005-04-05
Updated:
2005-04-05

RHSA-2005:340 - Security Advisory

Synopsis

curl security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated curl packages are now available.

This update has been rated as having low security impact by the
Red Hat Security Response Team.

Description

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity.

Multiple buffer overflow bugs were found in the way curl processes base64
encoded replies. If a victim can be tricked into visiting a URL with curl,
a malicious web server could execute arbitrary code on a victim's machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0490 to this issue.

All users of curl are advised to upgrade to these updated
packages, which contain backported fixes for these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 149322 - CAN-2005-0490 Multiple stack based buffer overflows in curl

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
x86_64
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.x86_64.rpm SHA-256: 52f381044c7758e90df608a20d4fdf089a6ccd4792d7db5e7e0315ff6d443b73
curl-7.12.1-5.rhel4.x86_64.rpm SHA-256: 52f381044c7758e90df608a20d4fdf089a6ccd4792d7db5e7e0315ff6d443b73
curl-devel-7.12.1-5.rhel4.x86_64.rpm SHA-256: 41e8364a507375bc6d47b8c5843b4dc017b2b904280424fbc7f03c5f00295bfd
curl-devel-7.12.1-5.rhel4.x86_64.rpm SHA-256: 41e8364a507375bc6d47b8c5843b4dc017b2b904280424fbc7f03c5f00295bfd
ia64
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.ia64.rpm SHA-256: 18cc5d5e10a9370efed9190c45aeac5aba6062ef794e0b5689b6585e15a3f035
curl-7.12.1-5.rhel4.ia64.rpm SHA-256: 18cc5d5e10a9370efed9190c45aeac5aba6062ef794e0b5689b6585e15a3f035
curl-devel-7.12.1-5.rhel4.ia64.rpm SHA-256: ea749736250e01f10813b9dea883a2b383155045bf76250a38e8fcef7a51dde6
curl-devel-7.12.1-5.rhel4.ia64.rpm SHA-256: ea749736250e01f10813b9dea883a2b383155045bf76250a38e8fcef7a51dde6
i386
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-devel-7.12.1-5.rhel4.i386.rpm SHA-256: d84c869087e76f7f41f5836a74dc3a06c439bc8a3b6895709515a965ad5e06ad
curl-devel-7.12.1-5.rhel4.i386.rpm SHA-256: d84c869087e76f7f41f5836a74dc3a06c439bc8a3b6895709515a965ad5e06ad

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.x86_64.rpm SHA-256: 52f381044c7758e90df608a20d4fdf089a6ccd4792d7db5e7e0315ff6d443b73
curl-devel-7.12.1-5.rhel4.x86_64.rpm SHA-256: 41e8364a507375bc6d47b8c5843b4dc017b2b904280424fbc7f03c5f00295bfd
ia64
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.ia64.rpm SHA-256: 18cc5d5e10a9370efed9190c45aeac5aba6062ef794e0b5689b6585e15a3f035
curl-devel-7.12.1-5.rhel4.ia64.rpm SHA-256: ea749736250e01f10813b9dea883a2b383155045bf76250a38e8fcef7a51dde6
i386
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-devel-7.12.1-5.rhel4.i386.rpm SHA-256: d84c869087e76f7f41f5836a74dc3a06c439bc8a3b6895709515a965ad5e06ad

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-7.12.1-5.rhel4.x86_64.rpm SHA-256: 52f381044c7758e90df608a20d4fdf089a6ccd4792d7db5e7e0315ff6d443b73
curl-devel-7.12.1-5.rhel4.x86_64.rpm SHA-256: 41e8364a507375bc6d47b8c5843b4dc017b2b904280424fbc7f03c5f00295bfd
i386
curl-7.12.1-5.rhel4.i386.rpm SHA-256: 8196bc06e2cb835f40662f82d543e7ef959025c01dcf2cb093cf1bcff58f68e9
curl-devel-7.12.1-5.rhel4.i386.rpm SHA-256: d84c869087e76f7f41f5836a74dc3a06c439bc8a3b6895709515a965ad5e06ad

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
curl-7.12.1-5.rhel4.s390.rpm SHA-256: 03f395e8c571807b4dce1cf6f1d89508d057e7cedeb9ff553eff34d0987486f5
curl-7.12.1-5.rhel4.s390x.rpm SHA-256: a5b0e6ef8ada7bca1bff268126ad7a8610a21bf7178c820ebd2b553015d5a4f1
curl-devel-7.12.1-5.rhel4.s390x.rpm SHA-256: 65bedc6570e5611f99b76891e6bc4a4179e338ded97ce3048dae56ca68c79f7f
s390
curl-7.12.1-5.rhel4.s390.rpm SHA-256: 03f395e8c571807b4dce1cf6f1d89508d057e7cedeb9ff553eff34d0987486f5
curl-devel-7.12.1-5.rhel4.s390.rpm SHA-256: 7391361c952b9cc5825d58c8c7bcf9394c5f04735c051b71e3cdb05e1dc98b3d

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
curl-7.12.1-5.rhel4.ppc.rpm SHA-256: e1fecf0f8c9203a2ea0c4ce6a92e0cdc35ce8b86a419b6a14040bf7b6e89e499
curl-7.12.1-5.rhel4.ppc64.rpm SHA-256: 6b8e803e98f085c70fb5a350bc8fcdeb577ad18bc88ce9dbd4321830d922d015
curl-devel-7.12.1-5.rhel4.ppc.rpm SHA-256: 493ccea41652f2e0caa15e7b5f2b96b38c64bf41186bcad8e07c06c85c95eb74

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.