Red Hat Product Errata RHSA-2005:875 - Security Advisory

Issued:: 2005-12-20
Updated:: 2005-12-20

RHSA-2005:875 - Security Advisory

Overview
Updated Packages

Synopsis

curl security update

Type/Severity

Security Advisory: Moderate

Topic

Updated curl packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.

Stefan Esser discovered an off-by-one bug in curl. It may be possible to
execute arbitrary code on a user's machine if the user can be tricked into
executing curl with a carefully crafted URL. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-4077 to this issue.

All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 175266 - CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability

CVEs

CVE-2005-4077

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
curl-7.12.1-8.rhel4.src.rpm	SHA-256: 7730cb0997382e8d93ccb51d944799629764ab2df61cc3da17c00fb58486ae6e
x86_64
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.x86_64.rpm	SHA-256: c7f023e8e9bc1bef7b06371c310f812895eb2c12fd7a40c9e0b94a5ce8e9cc0e
curl-7.12.1-8.rhel4.x86_64.rpm	SHA-256: c7f023e8e9bc1bef7b06371c310f812895eb2c12fd7a40c9e0b94a5ce8e9cc0e
curl-devel-7.12.1-8.rhel4.x86_64.rpm	SHA-256: 85c88ac26773ab2b67b3f15ef0703158409c023d28ca0152923371fa93830c44
curl-devel-7.12.1-8.rhel4.x86_64.rpm	SHA-256: 85c88ac26773ab2b67b3f15ef0703158409c023d28ca0152923371fa93830c44
ia64
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.ia64.rpm	SHA-256: 95eafee0b707ced86ea64161e98876ff3aaa1a8df01b3cf81a92c927ece1993b
curl-7.12.1-8.rhel4.ia64.rpm	SHA-256: 95eafee0b707ced86ea64161e98876ff3aaa1a8df01b3cf81a92c927ece1993b
curl-devel-7.12.1-8.rhel4.ia64.rpm	SHA-256: 9e1c0d4eab4ee85fe79d5d57f43cf9ca3bc4a4407f971c69d038b2daa75b4dcf
curl-devel-7.12.1-8.rhel4.ia64.rpm	SHA-256: 9e1c0d4eab4ee85fe79d5d57f43cf9ca3bc4a4407f971c69d038b2daa75b4dcf
i386
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-devel-7.12.1-8.rhel4.i386.rpm	SHA-256: 1d28b0f957aa67925816e4a388c75b9af26c92a33e4ae798e04253fa7a3737ae
curl-devel-7.12.1-8.rhel4.i386.rpm	SHA-256: 1d28b0f957aa67925816e4a388c75b9af26c92a33e4ae798e04253fa7a3737ae

Red Hat Enterprise Linux Workstation 4

SRPM
curl-7.12.1-8.rhel4.src.rpm	SHA-256: 7730cb0997382e8d93ccb51d944799629764ab2df61cc3da17c00fb58486ae6e
x86_64
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.x86_64.rpm	SHA-256: c7f023e8e9bc1bef7b06371c310f812895eb2c12fd7a40c9e0b94a5ce8e9cc0e
curl-devel-7.12.1-8.rhel4.x86_64.rpm	SHA-256: 85c88ac26773ab2b67b3f15ef0703158409c023d28ca0152923371fa93830c44
ia64
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.ia64.rpm	SHA-256: 95eafee0b707ced86ea64161e98876ff3aaa1a8df01b3cf81a92c927ece1993b
curl-devel-7.12.1-8.rhel4.ia64.rpm	SHA-256: 9e1c0d4eab4ee85fe79d5d57f43cf9ca3bc4a4407f971c69d038b2daa75b4dcf
i386
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-devel-7.12.1-8.rhel4.i386.rpm	SHA-256: 1d28b0f957aa67925816e4a388c75b9af26c92a33e4ae798e04253fa7a3737ae

Red Hat Enterprise Linux Desktop 4

SRPM
curl-7.12.1-8.rhel4.src.rpm	SHA-256: 7730cb0997382e8d93ccb51d944799629764ab2df61cc3da17c00fb58486ae6e
x86_64
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-7.12.1-8.rhel4.x86_64.rpm	SHA-256: c7f023e8e9bc1bef7b06371c310f812895eb2c12fd7a40c9e0b94a5ce8e9cc0e
curl-devel-7.12.1-8.rhel4.x86_64.rpm	SHA-256: 85c88ac26773ab2b67b3f15ef0703158409c023d28ca0152923371fa93830c44
i386
curl-7.12.1-8.rhel4.i386.rpm	SHA-256: 4e1983e8458422e32281368f9912bee9d13d934cb4011fd4dd40ebafb3e8d739
curl-devel-7.12.1-8.rhel4.i386.rpm	SHA-256: 1d28b0f957aa67925816e4a388c75b9af26c92a33e4ae798e04253fa7a3737ae

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
curl-7.12.1-8.rhel4.src.rpm	SHA-256: 7730cb0997382e8d93ccb51d944799629764ab2df61cc3da17c00fb58486ae6e
s390x
curl-7.12.1-8.rhel4.s390.rpm	SHA-256: 301ac7d44325adb16bb127df0852036f6af4a2c41ea4003bc8584256d9a9a52a
curl-7.12.1-8.rhel4.s390x.rpm	SHA-256: d5c6ddf79c1c794a46b340e0fa42b25a360dfd2a75cdf64524c0cc7690e5141a
curl-devel-7.12.1-8.rhel4.s390x.rpm	SHA-256: aad3233b7983e2233b8ff996a173e35259c241ccf7232cdb783186430fd510cf
s390
curl-7.12.1-8.rhel4.s390.rpm	SHA-256: 301ac7d44325adb16bb127df0852036f6af4a2c41ea4003bc8584256d9a9a52a
curl-devel-7.12.1-8.rhel4.s390.rpm	SHA-256: c2fdf3560d2559fac940c0e8dc38fd4b8f9f7dffa2a06807abaa456d70b261a8

Red Hat Enterprise Linux for Power, big endian 4

SRPM
curl-7.12.1-8.rhel4.src.rpm	SHA-256: 7730cb0997382e8d93ccb51d944799629764ab2df61cc3da17c00fb58486ae6e
ppc
curl-7.12.1-8.rhel4.ppc.rpm	SHA-256: ae20b0871fa86206ae5f39d9c379390a35562d08fec91e664d5f7cc36baf03a8
curl-7.12.1-8.rhel4.ppc64.rpm	SHA-256: 144cd4b5c79a4c416abec8d4aa6b2a04506f07e82d0cfaf624ca87c95c52876b
curl-devel-7.12.1-8.rhel4.ppc.rpm	SHA-256: c83eaf6636ab7acdf53eb854944bb6f2c642777289fc2e4ea4fbeb609cfdb682

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories