[UCI-Linux] [SECURITY] Fedora Core 4 Update: curl-7.13.1-4.fc4

Mike Iglesias iglesias at draco.acs.uci.edu
Thu Dec 8 13:20:58 PST 2005

From: "Ivana Varekova" <varekova at redhat.com>
To: fedora-announce-list at redhat.com
Date: Thu, 8 Dec 2005 15:54:10 -0500
Subject: [SECURITY] Fedora Core 4 Update: curl-7.13.1-4.fc4

Fedora Update Notification

Product     : Fedora Core 4
Name        : curl
Version     : 7.13.1                      
Release     : 4.fc4                  
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others).
Description :
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity. cURL
offers many useful capabilities, like proxy support, user
authentication, FTP upload, HTTP post, and file transfer resume.

Update Information:

This package fixes a security buffer overflow bug in URL
authentication code of curl (CVE-2005-4077).
* Thu Dec  8 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4.fc4
- fix bug 175265 - CVE-2005-4077 SA17907 cURL/libcURL 
  URL Parsing Off-By-One Vulnerability

* Wed Oct 19 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4
- fix bug 170682 - CAN-2005-3185 NTLM buffer overflow 
  (this change is only in cvs - not build and not create update)

This update can be downloaded from:

74b3bde858c6abdf1f6173ea3458ebd5  SRPMS/curl-7.13.1-4.fc4.src.rpm
8cea2486a41145f679f874ee2b34a95a  ppc/curl-7.13.1-4.fc4.ppc.rpm
f9073446909237a740d65c91e07c0b19  ppc/curl-devel-7.13.1-4.fc4.ppc.rpm
29605be75615315af71cdbd630415c9e  ppc/debug/curl-debuginfo-7.13.1-4.fc4.ppc.rpm
c1b306563f458643580eda3dde3c005c  ppc/curl-7.13.1-4.fc4.ppc64.rpm
06a2524c2d80370fa476638e4c533eaf  x86_64/curl-7.13.1-4.fc4.x86_64.rpm
d79a0c56021eb3c9bb330bf9b5bba02c  x86_64/curl-devel-7.13.1-4.fc4.x86_64.rpm
08f9f0fd6d073a56f66256e431b3cdee  x86_64/debug/curl-debuginfo-7.13.1-4.fc4.x86_64.rpm
d837fbe6934a6cf6b93400229a8957f5  x86_64/curl-7.13.1-4.fc4.i386.rpm
d837fbe6934a6cf6b93400229a8957f5  i386/curl-7.13.1-4.fc4.i386.rpm
46eeb963c21692012022757a0a2b134d  i386/curl-devel-7.13.1-4.fc4.i386.rpm
81f4181f4bf33ebcb4a31946bfd1b26b  i386/debug/curl-debuginfo-7.13.1-4.fc4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list