Issued:: 2005-11-02
Updated:: 2005-11-02

RHSA-2005:807 - Security Advisory

Overview
Updated Packages

Synopsis

curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated curl packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.

A stack based buffer overflow bug was found in cURL's NTLM authentication
module. It is possible to execute arbitrary code on a user's machine if
the user can be tricked into connecting to a malicious web server using
NTLM authentication. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3185 to this issue.

All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolve this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 170678 - CAN-2005-3185 NTLM buffer overflow

CVEs

CVE-2005-3185

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
curl-7.12.1-6.rhel4.src.rpm	SHA-256: 896aeb7bbaf424340c9aab5d84f393a6d40011533114df4daf4a8bf38cc26166
x86_64
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.x86_64.rpm	SHA-256: f64026f5f70cea7ee9441b67d9b546917665cc2cf85f73a339a0b5c786c32ab8
curl-7.12.1-6.rhel4.x86_64.rpm	SHA-256: f64026f5f70cea7ee9441b67d9b546917665cc2cf85f73a339a0b5c786c32ab8
curl-devel-7.12.1-6.rhel4.x86_64.rpm	SHA-256: fda81a9363f802e7c6454c5785b4a9d7ab2e58c7068358f0a3972e86cfa65ff8
curl-devel-7.12.1-6.rhel4.x86_64.rpm	SHA-256: fda81a9363f802e7c6454c5785b4a9d7ab2e58c7068358f0a3972e86cfa65ff8
ia64
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.ia64.rpm	SHA-256: f783e02fc29900ae26ed834db9faad1194641d45b92f23c75a82b1a7542c2edf
curl-7.12.1-6.rhel4.ia64.rpm	SHA-256: f783e02fc29900ae26ed834db9faad1194641d45b92f23c75a82b1a7542c2edf
curl-devel-7.12.1-6.rhel4.ia64.rpm	SHA-256: 8905602526c8a48f3914d3e6e6b43473b8c9d816140f1be3148f0663f4e75f24
curl-devel-7.12.1-6.rhel4.ia64.rpm	SHA-256: 8905602526c8a48f3914d3e6e6b43473b8c9d816140f1be3148f0663f4e75f24
i386
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-devel-7.12.1-6.rhel4.i386.rpm	SHA-256: a10916d7bda6b7e9ad6be4bc468dae5918bbac3a06632f1695cc5dcb48110743
curl-devel-7.12.1-6.rhel4.i386.rpm	SHA-256: a10916d7bda6b7e9ad6be4bc468dae5918bbac3a06632f1695cc5dcb48110743

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
curl-7.12.1-6.rhel4.src.rpm	SHA-256: 896aeb7bbaf424340c9aab5d84f393a6d40011533114df4daf4a8bf38cc26166
x86_64
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.x86_64.rpm	SHA-256: f64026f5f70cea7ee9441b67d9b546917665cc2cf85f73a339a0b5c786c32ab8
curl-devel-7.12.1-6.rhel4.x86_64.rpm	SHA-256: fda81a9363f802e7c6454c5785b4a9d7ab2e58c7068358f0a3972e86cfa65ff8
ia64
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.ia64.rpm	SHA-256: f783e02fc29900ae26ed834db9faad1194641d45b92f23c75a82b1a7542c2edf
curl-devel-7.12.1-6.rhel4.ia64.rpm	SHA-256: 8905602526c8a48f3914d3e6e6b43473b8c9d816140f1be3148f0663f4e75f24
i386
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-devel-7.12.1-6.rhel4.i386.rpm	SHA-256: a10916d7bda6b7e9ad6be4bc468dae5918bbac3a06632f1695cc5dcb48110743

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
curl-7.12.1-6.rhel4.src.rpm	SHA-256: 896aeb7bbaf424340c9aab5d84f393a6d40011533114df4daf4a8bf38cc26166
x86_64
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-7.12.1-6.rhel4.x86_64.rpm	SHA-256: f64026f5f70cea7ee9441b67d9b546917665cc2cf85f73a339a0b5c786c32ab8
curl-devel-7.12.1-6.rhel4.x86_64.rpm	SHA-256: fda81a9363f802e7c6454c5785b4a9d7ab2e58c7068358f0a3972e86cfa65ff8
i386
curl-7.12.1-6.rhel4.i386.rpm	SHA-256: 69570a382b41eddf3c5cb38873ee7bb6dc95cb8c8514d7cb030b2c0833e1f5ff
curl-devel-7.12.1-6.rhel4.i386.rpm	SHA-256: a10916d7bda6b7e9ad6be4bc468dae5918bbac3a06632f1695cc5dcb48110743

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
curl-7.12.1-6.rhel4.src.rpm	SHA-256: 896aeb7bbaf424340c9aab5d84f393a6d40011533114df4daf4a8bf38cc26166
s390x
curl-7.12.1-6.rhel4.s390.rpm	SHA-256: 55bb256d4a4507170f2c25ac7dc52df298a733e3f4d0aa1411131831dd02f3fe
curl-7.12.1-6.rhel4.s390x.rpm	SHA-256: 5d2d90c47e4cb60f1bb980014c4ebae967492af9861545c73c05e7a4fa9f6adf
curl-devel-7.12.1-6.rhel4.s390x.rpm	SHA-256: 68d82e8cdaaded79220ce35d1b0a7f21db689a32c28e4d17681fb19277c6de93
s390
curl-7.12.1-6.rhel4.s390.rpm	SHA-256: 55bb256d4a4507170f2c25ac7dc52df298a733e3f4d0aa1411131831dd02f3fe
curl-devel-7.12.1-6.rhel4.s390.rpm	SHA-256: a9d3c48f7f78e14871ccb53b44a7698409460c840f1bbff93d4c74d4c2dce05c

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
curl-7.12.1-6.rhel4.src.rpm	SHA-256: 896aeb7bbaf424340c9aab5d84f393a6d40011533114df4daf4a8bf38cc26166
ppc
curl-7.12.1-6.rhel4.ppc.rpm	SHA-256: a756f2f49b6bdebd7f462ce48a54d9f2d9db1942b1c08cbff9d11f7547532ee6
curl-7.12.1-6.rhel4.ppc64.rpm	SHA-256: 2eb88ffacaa4856a1fa17e32de0af128a0fdf6bfacc908afd41e1a7b309b5cd8
curl-devel-7.12.1-6.rhel4.ppc.rpm	SHA-256: 97b2b616cfc0ac612f9353e84500c9039012344fe0b5998674b45f026e9a100b

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation