LinuxSecurity.com
RedHat: Moderate: curl security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated curl packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2005:807-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-807.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3185
---------------------------------------------------------------------

1. Summary:

Updated curl packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.

A stack-based buffer overflow bug was found in cURL's NTLM authentication
module. It is possible to execute arbitrary code on a user's machine if
the user can be tricked into connecting to a malicious web server using
NTLM authentication. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3185 to this issue.

All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170678 - CAN-2005-3185 NTLM buffer overflow


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/curl-7.10.6-7.rhel3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-6.rhel4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
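
A quick way to check whether a host already carries the fixed build, as an added example that is not part of the Red Hat advisory: it compares an installed VERSION-RELEASE string with the fixed builds named in the SRPM file names in section 6 (7.10.6-7.rhel3 and 7.12.1-6.rhel4). The function name, the status words and the older release strings mentioned in comments are assumptions made here.

```shell
#!/bin/sh
# Added example: classify a curl VERSION-RELEASE string against the fixed
# builds named in this advisory. Because the fix is a backported patch, the
# upstream version stays the same and only the release number moves.

# curl_fix_status VERSION-RELEASE -> prints fixed | needs-update | not-covered
curl_fix_status() {
    ver=${1%%-*}    # upstream version, e.g. 7.10.6
    rel=${1#*-}     # release tag, e.g. 7.rhel3
    case "$ver:$rel" in
        7.10.6:*.rhel3*) need=7 ;;   # fixed release for RHEL 3 (section 6)
        7.12.1:*.rhel4*) need=6 ;;   # fixed release for RHEL 4 (section 6)
        *) echo not-covered; return 0 ;;  # not a build this advisory lists
    esac
    num=${rel%%.*}  # leading release number, e.g. 7
    case "$num" in
        ''|*[!0-9]*) echo not-covered; return 0 ;;  # unparseable release
    esac
    if [ "$num" -ge "$need" ]; then
        echo fixed
    else
        echo needs-update   # e.g. a constructed older string 7.10.6-6.rhel3
    fi
}

# On an RPM-based host, report on the installed package (first arch only).
if command -v rpm >/dev/null 2>&1 && rpm -q curl >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' curl | head -n 1)
    echo "curl $installed: $(curl_fix_status "$installed")"
fi
```

A result of not-covered only means the build is outside the two release lines this advisory names; it says nothing about whether that build contains the flaw.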

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.