Red Hat Product Errata RHSA-2010:0329 - Security Advisory
Issued:
2010-03-30
Updated:
2010-03-30

RHSA-2010:0329 - Security Advisory

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated curl packages that fix one security issue are now available for Red
Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl
could call the registered write callback function with data exceeding the
documented limit. A malicious server could use this flaw to crash an
application using libcurl or, potentially, execute arbitrary code. Note:
This issue only affected applications using libcurl that rely on the
documented data size limit, and that copy the data to the insufficiently
sized buffer. (CVE-2010-0734)

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

  • BZ - 563220 - CVE-2010-0734 curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

Red Hat Enterprise Linux Server 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
ia64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
ia64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Workstation 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
ia64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: 0b2f7a357c43c2fe8b551c56f3a454769a54fc17462ee5a2b13f3d05e5117455
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm SHA-256: c18a0ae20eca92586b829b0353d446ab250f9cc585be2d1cdcbe4b0cde7cfe80
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
x86_64
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: f41baab40266038ce29c08a4256b09061fef4b850fc1809487665ae79cf339f8
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm SHA-256: b01b8b5e11662cd153edf8b1c608cd9e10650f3cfa361b48b31db9f9ae9b5743
i386
curl-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: c508ff5b38cbeed91f9775c48c1ff1483d2a6e62599d8979f2258ca60a6ee4a8
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm SHA-256: 9538a7c2a1abc8c7ab928cb3e8be37ad67ac0982da6bb0aa45bbeabca96eabee

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
s390x
curl-7.12.1-11.1.el4_8.3.s390.rpm SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-7.12.1-11.1.el4_8.3.s390x.rpm SHA-256: 03ddf540c91a19bebf3c90dc5ae7a354ee57d94a859f8865f7ecf2847b26bfee
curl-devel-7.12.1-11.1.el4_8.3.s390x.rpm SHA-256: e043dda8d2bd71c0374a66f58ec5bd31ba96d083be99a87c5704e8fb7390ab23
s390
curl-7.12.1-11.1.el4_8.3.s390.rpm SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-devel-7.12.1-11.1.el4_8.3.s390.rpm SHA-256: 11be81ba14468acb98d38eace49cef78b9cabcf28f6954ce6da70c00ac9bfe23

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
s390x
curl-7.12.1-11.1.el4_8.3.s390.rpm SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-7.12.1-11.1.el4_8.3.s390x.rpm SHA-256: 03ddf540c91a19bebf3c90dc5ae7a354ee57d94a859f8865f7ecf2847b26bfee
curl-devel-7.12.1-11.1.el4_8.3.s390x.rpm SHA-256: e043dda8d2bd71c0374a66f58ec5bd31ba96d083be99a87c5704e8fb7390ab23
s390
curl-7.12.1-11.1.el4_8.3.s390.rpm SHA-256: 03e34863cf0d0b0e82a2ba50a0e812039c957154e9eeed2c21e557362f573951
curl-devel-7.12.1-11.1.el4_8.3.s390.rpm SHA-256: 11be81ba14468acb98d38eace49cef78b9cabcf28f6954ce6da70c00ac9bfe23

Red Hat Enterprise Linux for Power, big endian 4

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
ppc
curl-7.12.1-11.1.el4_8.3.ppc.rpm SHA-256: c120429daf6309016aa83a26a12b72490f2ea0683e00e201603183c1c0f358c5
curl-7.12.1-11.1.el4_8.3.ppc64.rpm SHA-256: 9e43ac690e5a1d7daaf2c37716b203a42f9ba2d9f109788458dcbfb5b2881f9c
curl-devel-7.12.1-11.1.el4_8.3.ppc.rpm SHA-256: 2f0828daac8b56fc9e1edd2271aa4afd0dbdf1c3572207da7f62dc5b6905d3b7

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
curl-7.12.1-11.1.el4_8.3.src.rpm SHA-256: a14ac546bbe9d6c3a3809ab1c91428cb6f16678c89516083cca0bc1d2718cf3a
ppc
curl-7.12.1-11.1.el4_8.3.ppc.rpm SHA-256: c120429daf6309016aa83a26a12b72490f2ea0683e00e201603183c1c0f358c5
curl-7.12.1-11.1.el4_8.3.ppc64.rpm SHA-256: 9e43ac690e5a1d7daaf2c37716b203a42f9ba2d9f109788458dcbfb5b2881f9c
curl-devel-7.12.1-11.1.el4_8.3.ppc.rpm SHA-256: 2f0828daac8b56fc9e1edd2271aa4afd0dbdf1c3572207da7f62dc5b6905d3b7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.