Issued:: 2010-03-30
Updated:: 2010-03-30

RHSA-2010:0329 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated curl packages that fix one security issue are now available for Red
Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl
could call the registered write callback function with data exceeding the
documented limit. A malicious server could use this flaw to crash an
application using libcurl or, potentially, execute arbitrary code. Note:
This issue only affected applications using libcurl that rely on the
documented data size limit, and that copy the data to the insufficiently
sized buffer. (CVE-2010-0734)

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

BZ - 563220 - CVE-2010-0734 curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

CVEs

CVE-2010-0734

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
ia64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
ia64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Workstation 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
ia64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm	SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm	SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm	SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
s390x
curl-7.12.1-11.1.el4_8.3.s390.rpm	SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-7.12.1-11.1.el4_8.3.s390x.rpm	SHA-256: 03ddf540c91a19bebf3c90dc5ae7a354ee57d94a859f8865f7ecf2847b26bfee
curl-devel-7.12.1-11.1.el4_8.3.s390x.rpm	SHA-256: e043dda8d2bd71c0374a66f58ec5bd31ba96d083be99a87c5704e8fb7390ab23
s390
curl-7.12.1-11.1.el4_8.3.s390.rpm	SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-devel-7.12.1-11.1.el4_8.3.s390.rpm	SHA-256: 11be81ba14468acb98d38eace49cef78b9cabcf28f6954ce6da70c00ac9bfe23

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
s390x
curl-7.12.1-11.1.el4_8.3.s390.rpm	SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-7.12.1-11.1.el4_8.3.s390x.rpm	SHA-256: 03ddf540c91a19bebf3c90dc5ae7a354ee57d94a859f8865f7ecf2847b26bfee
curl-devel-7.12.1-11.1.el4_8.3.s390x.rpm	SHA-256: e043dda8d2bd71c0374a66f58ec5bd31ba96d083be99a87c5704e8fb7390ab23
s390
curl-7.12.1-11.1.el4_8.3.s390.rpm	SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-devel-7.12.1-11.1.el4_8.3.s390.rpm	SHA-256: 11be81ba14468acb98d38eace49cef78b9cabcf28f6954ce6da70c00ac9bfe23

Red Hat Enterprise Linux for Power, big endian 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
ppc
curl-7.12.1-11.1.el4_8.3.ppc.rpm	SHA-256: c120429daf6309016aa83a26a12b72490f2ea0683e00e201603183c1c0f358c5
curl-7.12.1-11.1.el4_8.3.ppc64.rpm	SHA-256: 9e43ac690e5a1d7daaf2c37716b203a42f9ba2d9f109788458dcbfb5b2881f9c
curl-devel-7.12.1-11.1.el4_8.3.ppc.rpm	SHA-256: 2f0828daac8b56fc9e1edd2271aa4afd0dbdf1c3572207da7f62dc5b6905d3b7

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm	SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
ppc
curl-7.12.1-11.1.el4_8.3.ppc.rpm	SHA-256: c120429daf6309016aa83a26a12b72490f2ea0683e00e201603183c1c0f358c5
curl-7.12.1-11.1.el4_8.3.ppc64.rpm	SHA-256: 9e43ac690e5a1d7daaf2c37716b203a42f9ba2d9f109788458dcbfb5b2881f9c
curl-devel-7.12.1-11.1.el4_8.3.ppc.rpm	SHA-256: 2f0828daac8b56fc9e1edd2271aa4afd0dbdf1c3572207da7f62dc5b6905d3b7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation