Debian: New curl packages fix potential security problem

- --------------------------------------------------------------------------Debian Security Advisory DSA 919-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
Marth 10th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : curl
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-4077
BugTraq ID     : 15756
Debian Bugs    : 342339 342696

The upstream developer of curl, a multi-protocol file transfer
library, informed us that the former correction to several off-by-one
errors are not sufficient.  For completeness please find the original
bug description below:

    Stefan Esser discovered several off-by-one errors that allows
    local users to trigger a buffer overflow and cause a denial of
    service or bypass PHP security restrictions via certain URLs.

For the old stable distribution (woody) these problems have been fixed in
version 7.9.5-1woody2.

For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge5.

For the unstable distribution (sid) these problems have been fixed in
version 7.15.1-1.

We recommend that you upgrade your libcurl packages.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------  Source archives:

          Size/MD5 checksum:      603 62a08f0dff0d09e2cfb773c04ec9cb39
          Size/MD5 checksum:    16679 4f4699069b8b03a75561c00ae346266c
          Size/MD5 checksum:   682397 a4df6bb5aa8962c204e73c8f98077928

  Alpha architecture:

          Size/MD5 checksum:   118546 80578b5149b1f85908250d189ffe4fc1
          Size/MD5 checksum:   195952 762e8471239a92b0c45b44e0379877f4
          Size/MD5 checksum:   116624 fe65a65b7ec0529ee5778f703f45de3d

  ARM architecture:

          Size/MD5 checksum:   114494 568f2949df218f0bdc77315eca6bcdc9
          Size/MD5 checksum:   172996 7d0e29244038b8587dc4f393b800a19e
          Size/MD5 checksum:   101892 36ded7c5e5844d79bb53b64b0a1e70c6

  Intel IA-32 architecture:

          Size/MD5 checksum:   113024 0a4bea4409c4b15554af6d063deff9e6
          Size/MD5 checksum:   163738 c91953e3083d813d51bc7d28c21cbb26
          Size/MD5 checksum:   100544 860e88b6f23f13beb96d1adb7e23ccc3

  Intel IA-64 architecture:

          Size/MD5 checksum:   122108 feb536a863d0d317a7fa2ddd05c91ccd
          Size/MD5 checksum:   210346 d371446a9efe8b55b22a891599ca0e34
          Size/MD5 checksum:   139470 6b282c866dc3d439b54565a85672f73e

  HP Precision architecture:

          Size/MD5 checksum:   116474 6def03bfd72095d967e130947160e149
          Size/MD5 checksum:   186410 8a92f7a10893e0e870c3de0008fdb7fb
          Size/MD5 checksum:   113016 a1c4e05ee3a19ceb7c501e7a15c79472

  Motorola 680x0 architecture:

          Size/MD5 checksum:   112814 fe14e982348adcd471dac277c64318d7
          Size/MD5 checksum:   159174 101573ffa60ada3919244812c3e549a4
          Size/MD5 checksum:    97210 a679640f9f2a15ebc4cf7ecaab294b17

  Big endian MIPS architecture:

          Size/MD5 checksum:   115508 e64d4b2a5f2ca190b5c6d2c35c612875
          Size/MD5 checksum:   183998 fe09a440ee83320deb8c87e145d5dd1c
          Size/MD5 checksum:   105278 0a986bde9d964600488d46f86cc13796

  Little endian MIPS architecture:

          Size/MD5 checksum:   115536 0a953c3fb64b1c2a717bbbedc4590930
          Size/MD5 checksum:   183894 28c9494b916c4f5930fb36a24a9cb15d
          Size/MD5 checksum:   105362 fa9855c9c542dfe80279debbd5c8fe58

  PowerPC architecture:

          Size/MD5 checksum:   115104 fdd19cc3dc041b832f1400b3095e3272
          Size/MD5 checksum:   181524 ec2f58f83023187dacb2dc28732db05f
          Size/MD5 checksum:   106436 b64010ddab81b1658992b226a644b7b8

  IBM S/390 architecture:

          Size/MD5 checksum:   114424 a5651846cf7bbda1fe3bc7a7da2283e2
          Size/MD5 checksum:   167550 dabb8ea718530f9dbdd8858619c53157
          Size/MD5 checksum:   104400 81aa237a8b00e4e418d5a0a85d35e32b

  Sun Sparc architecture:

          Size/MD5 checksum:   114254 9df1a25a6dccea83b7a6cc7868c37247
          Size/MD5 checksum:   173320 948d75e0202f6fda494d6fae9d122940
          Size/MD5 checksum:   107996 2d5dade7d687ac5391bdca26016dd28e


Debian GNU/Linux 3.1 alias sarge
- --------------------------------  Source archives:

          Size/MD5 checksum:      810 5189493504485c0048f38809d1f71eb2
          Size/MD5 checksum:   172234 344704b789a63e17795dd47475af6519
          Size/MD5 checksum:  2201086 b3bd4a303f35f9a2a3ed3671cedf8329

  Alpha architecture:

          Size/MD5 checksum:   150912 bb6f21223e11353d7d1b373e3d832395
          Size/MD5 checksum:   251302 5a594c2e2b9e0e5697ae933cc9710ff2
          Size/MD5 checksum:  1010904 9c1ae1862d7dbf45310c42ad1fb7bf29
          Size/MD5 checksum:  1279442 0effd00cd0ec6d923e9694ceb7b8347b
          Size/MD5 checksum:   132196 e09c305798f2ef2d5232fefc1138743b

  AMD64 architecture:

          Size/MD5 checksum:   148046 72b46b62bb3f3d461b4d6a5734098b9b
          Size/MD5 checksum:   239294 121956fb9aae3348fa9a493cdea79740
          Size/MD5 checksum:  1004132 0f8d808b09bd0ab935beb218a7e53630
          Size/MD5 checksum:  1238024 a447b1dd774b1f4e07b4fc5fefccef5d
          Size/MD5 checksum:   119350 fa2554b51b070c1d6fd2d3f76f5038d5

  ARM architecture:

          Size/MD5 checksum:   147080 7b4cfc50771d62e0a76ccb6209fe449a
          Size/MD5 checksum:   232270 e81f1ce1b439ce7778abdf60248f9a21
          Size/MD5 checksum:  1006548 eb5d3cd6e480e053c835bc4a0e94e45c
          Size/MD5 checksum:  1236336 9552fc31cae7b84855459502c0f9185f
          Size/MD5 checksum:   112884 9c790872f1108c9de8ad03581515cd3b

  Intel IA-32 architecture:

          Size/MD5 checksum:   147610 950f7978ba6ee3b60416e9056438c6e0
          Size/MD5 checksum:   237898 46d8c98384d1d545d3e4d58d26d0a94b
          Size/MD5 checksum:  1003424 fe85527c93e5859685e72cd28ecaa15f
          Size/MD5 checksum:  1232116 2756464635b53395cbfda1ead83bfb62
          Size/MD5 checksum:   118554 a977c4931ccbd0d7ab855d4463edabbc

  Intel IA-64 architecture:

          Size/MD5 checksum:   156722 f430eba0b5554535b21fa840baa0953b
          Size/MD5 checksum:   279222 57772e931a766e8611b41de5dd82fc44
          Size/MD5 checksum:  1014718 69aebd71a0c09184ee5745d38fbe5e57
          Size/MD5 checksum:  1293798 072ac6f1e0b505991ded4340e71f3d2d
          Size/MD5 checksum:   160790 df3faf481671c5efb79bb4e43df0cd0f

  HP Precision architecture:

          Size/MD5 checksum:   150554 dcf951b1cdc8a8b2808b4ef5a6ed7a06
          Size/MD5 checksum:   251200 409ac37bb0adc4a4bd0542c1ac661ad3
          Size/MD5 checksum:  1002064 903885cbc63e47e1cca7cafe64d9061d
          Size/MD5 checksum:  1253626 b09cfaed0c17cd06e69586d54d426256
          Size/MD5 checksum:   132284 33802a367e971182dfaac46ab2f2b3a0

  Motorola 680x0 architecture:

          Size/MD5 checksum:   144652 11be6a48cdb019c42852c2a29523c972
          Size/MD5 checksum:   227858 b58a8fa28732754776e30b478649262e
          Size/MD5 checksum:   998546 3392e518130e36eba7a9598f6308e8f9
          Size/MD5 checksum:  1212010 5e901a9ab9336d22ce5bffec68ed3020
          Size/MD5 checksum:   108694 4f50040ed1dcb4a129b6cf5ef70196e2

  Big endian MIPS architecture:

          Size/MD5 checksum:   149942 9c11cfcc6886af0114f97b2eddb428a7
          Size/MD5 checksum:   237440 254e37aa6c1fcb96f53b3b38fb599142
          Size/MD5 checksum:  1007564 fc4147e821a5908cd6b2a67f77fa55f4
          Size/MD5 checksum:  1246980 5e542160496f4cbe3475ad7f4c085f7e
          Size/MD5 checksum:   118470 41ca8bc0fb17a1922ab864790a0b583e

  Little endian MIPS architecture:

          Size/MD5 checksum:   150046 51a993203eefc459a63658dc80ff0fcc
          Size/MD5 checksum:   238022 d52743d13cd115b6a893989af7aef032
          Size/MD5 checksum:  1010958 d3158f45cf6e904681e90608fce6673c
          Size/MD5 checksum:  1247246 5569e170ef9bda1d904b5e7e2b979ef4
          Size/MD5 checksum:   118942 d71e0823fadaeaafff74f3dfa0691621

  PowerPC architecture:

          Size/MD5 checksum:   150664 2b46df904ee41bfb43c3c375cecd97dd
          Size/MD5 checksum:   243472 ae29ca3aaca1c7b031eea79102315945
          Size/MD5 checksum:  1640526 f9fe8c3eda4eff4db90b3b8a93c10403
          Size/MD5 checksum:  1245292 4fb803a4dba48d506d0aff115fa516de
          Size/MD5 checksum:   124138 55b836d703e3d516fa2e75f018ddd8d8

  IBM S/390 architecture:

          Size/MD5 checksum:   148640 bb07ba73b8e9d90b80fb1d36a1472db6
          Size/MD5 checksum:   246640 93d40c902692d06f1d3a2d145b10474b
          Size/MD5 checksum:  1025438 c0778b7435b21cf277a2656f134d47d4
          Size/MD5 checksum:  1240744 6da2e87d0e60701d03f3da1cc4bf8905
          Size/MD5 checksum:   127458 80cf6d496e27df3765257fd1303eceb9

  Sun Sparc architecture:

          Size/MD5 checksum:   147660 905b8cdc96289e709644da1addd5c7a3
          Size/MD5 checksum:   236994 8385a7c13cc40517b179cf21689db383
          Size/MD5 checksum:   996640 5d5cb641eca75a51659dad9f499673fa
          Size/MD5 checksum:  1232354 c8f891808cc67cf1756fe68898baf607
          Size/MD5 checksum:   118006 5a4880af8b078ef38b148ba37ac4221a



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Debian: New curl packages fix potential security problem

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
