Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23438
HistoryMar 23, 2010 - 12:00 a.m.

[email protected]

2010-03-2300:00:00
vulners.com
30
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2010:062
http://www.mandriva.com/security/

Package : curl
Date : March 19, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0

Problem Description:

A vulnerability has been found and corrected in curl:

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is
enabled, does not properly restrict the amount of callback data sent
to an application that requests automatic decompression, which might
allow remote attackers to cause a denial of service (application
crash) or have unspecified other impact by sending crafted compressed
data to an application that relies on the intended data-length limit
(CVE-2010-0734).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct theis issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734

Updated Packages:

Mandriva Linux 2008.0:
3b9700f3becc35f9479762f8d8118005 2008.0/i586/curl-7.16.4-2.3mdv2008.0.i586.rpm
58edc5e841606c3501beeddc71309a44 2008.0/i586/libcurl4-7.16.4-2.3mdv2008.0.i586.rpm
1c5d61cb13b75182ea24e1eb91ea9022 2008.0/i586/libcurl-devel-7.16.4-2.3mdv2008.0.i586.rpm
91f4758aac7a219f91963ce076fb8e08 2008.0/SRPMS/curl-7.16.4-2.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
59dda0d139c914b0764a1525aedd9e2b 2008.0/x86_64/curl-7.16.4-2.3mdv2008.0.x86_64.rpm
ce13767698748c5d509e8fd6823b16cf 2008.0/x86_64/lib64curl4-7.16.4-2.3mdv2008.0.x86_64.rpm
3d7463fc2250204ed0b4a88c5d981901 2008.0/x86_64/lib64curl-devel-7.16.4-2.3mdv2008.0.x86_64.rpm
91f4758aac7a219f91963ce076fb8e08 2008.0/SRPMS/curl-7.16.4-2.3mdv2008.0.src.rpm

Mandriva Linux 2009.0:
8cdbd92df1a130ba9dcb2b18cc3b97a2 2009.0/i586/curl-7.19.0-2.4mdv2009.0.i586.rpm
06be4cf361e00458ca9f6f6448bfd1aa 2009.0/i586/curl-examples-7.19.0-2.4mdv2009.0.i586.rpm
862148fd41195d65dd7dbdcc5a1a0d3c 2009.0/i586/libcurl4-7.19.0-2.4mdv2009.0.i586.rpm
3c32ba7af388e7351ee0cb963a803443 2009.0/i586/libcurl-devel-7.19.0-2.4mdv2009.0.i586.rpm
5569a1c539f8cd5639f568a46e7736e0 2009.0/SRPMS/curl-7.19.0-2.4mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
2bc00188f2f8823f00899edfaf6f1950 2009.0/x86_64/curl-7.19.0-2.4mdv2009.0.x86_64.rpm
c1443c8c88cf182b593c3a3c523f77b6 2009.0/x86_64/curl-examples-7.19.0-2.4mdv2009.0.x86_64.rpm
16dc3853657e667545bc20af1e7436bb 2009.0/x86_64/lib64curl4-7.19.0-2.4mdv2009.0.x86_64.rpm
3cad511e60155ed7ad4b1076e66e58f5 2009.0/x86_64/lib64curl-devel-7.19.0-2.4mdv2009.0.x86_64.rpm
5569a1c539f8cd5639f568a46e7736e0 2009.0/SRPMS/curl-7.19.0-2.4mdv2009.0.src.rpm

Mandriva Linux 2009.1:
15a8fde0e07a6ac7e4e09bbad25d33dd 2009.1/i586/curl-7.19.4-1.1mdv2009.1.i586.rpm
89207880380ba85543bd13e145199b71 2009.1/i586/curl-examples-7.19.4-1.1mdv2009.1.i586.rpm
b49e88d047d05ef28e1d1d4452a1808d 2009.1/i586/libcurl4-7.19.4-1.1mdv2009.1.i586.rpm
80477218d684b9e43e6e8adb1f2f3e50 2009.1/i586/libcurl-devel-7.19.4-1.1mdv2009.1.i586.rpm
16bb01108d6dda2be2495e45c2669958 2009.1/SRPMS/curl-7.19.4-1.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
acce92bd77632cff44d681d4de8481ab 2009.1/x86_64/curl-7.19.4-1.1mdv2009.1.x86_64.rpm
1517c5562a4fe98d8a09ca3e81abd4f1 2009.1/x86_64/curl-examples-7.19.4-1.1mdv2009.1.x86_64.rpm
0946b748e6b23013cb68db4748b3e731 2009.1/x86_64/lib64curl4-7.19.4-1.1mdv2009.1.x86_64.rpm
60566c2bbc2ea405b48830b54ec6189f 2009.1/x86_64/lib64curl-devel-7.19.4-1.1mdv2009.1.x86_64.rpm
16bb01108d6dda2be2495e45c2669958 2009.1/SRPMS/curl-7.19.4-1.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
ecd86c44d5f8aaff8c9c2361d9f3896b 2010.0/i586/curl-7.19.6-3.1mdv2010.0.i586.rpm
89d8674862c81e9188758b81fa4b2121 2010.0/i586/curl-examples-7.19.6-3.1mdv2010.0.i586.rpm
5090bbf68e7ded8ef1e67845c13f28ab 2010.0/i586/libcurl4-7.19.6-3.1mdv2010.0.i586.rpm
e545ee4b79873bfeeccb73ec166b6536 2010.0/i586/libcurl-devel-7.19.6-3.1mdv2010.0.i586.rpm
cef8204400fc2780819f929e0d664ea1 2010.0/SRPMS/curl-7.19.6-3.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
02f4d1ee6459c06bc51c43ef1ae7dc7a 2010.0/x86_64/curl-7.19.6-3.1mdv2010.0.x86_64.rpm
4417f2b6a5d0f5a8ebfbed90e524f5ac 2010.0/x86_64/curl-examples-7.19.6-3.1mdv2010.0.x86_64.rpm
dd05912726d564c779c3c890ff537b07 2010.0/x86_64/lib64curl4-7.19.6-3.1mdv2010.0.x86_64.rpm
10c8dc60a6c64c22a7f8dbd100955c9e 2010.0/x86_64/lib64curl-devel-7.19.6-3.1mdv2010.0.x86_64.rpm
cef8204400fc2780819f929e0d664ea1 2010.0/SRPMS/curl-7.19.6-3.1mdv2010.0.src.rpm

Corporate 4.0:
75f31c808f0fe1d04a1919a50c3950ae corporate/4.0/i586/curl-7.14.0-2.5.20060mlcs4.i586.rpm
8709d1eab88253ad429fbef0cf6a4af0 corporate/4.0/i586/libcurl3-7.14.0-2.5.20060mlcs4.i586.rpm
d72194e4561e0621497dcc605e6d3fd4 corporate/4.0/i586/libcurl3-devel-7.14.0-2.5.20060mlcs4.i586.rpm
783cf9616effb3ca339b557f55f78f8f corporate/4.0/SRPMS/curl-7.14.0-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
1e4d26e8f0b3ab500e25065f1d11e490 corporate/4.0/x86_64/curl-7.14.0-2.5.20060mlcs4.x86_64.rpm
adcfc892f29fd43810f1f808dc51548e corporate/4.0/x86_64/lib64curl3-7.14.0-2.5.20060mlcs4.x86_64.rpm
f25c93fe73f19a7f4669541926e11c49 corporate/4.0/x86_64/lib64curl3-devel-7.14.0-2.5.20060mlcs4.x86_64.rpm
783cf9616effb3ca339b557f55f78f8f corporate/4.0/SRPMS/curl-7.14.0-2.5.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
3f8eea4f36bee7a06c0f7c063fe920a7 mes5/i586/curl-7.19.0-2.4mdvmes5.i586.rpm
df37df4ef6884906620769cdb4c9cea2 mes5/i586/curl-examples-7.19.0-2.4mdvmes5.i586.rpm
026cd500cff6a23fa2b06b6b56f26bec mes5/i586/libcurl4-7.19.0-2.4mdvmes5.i586.rpm
0c09fece31ee0445dd0fec878484708a mes5/i586/libcurl-devel-7.19.0-2.4mdvmes5.i586.rpm
d102738ff3c559952c6dc6478dee0df4 mes5/SRPMS/curl-7.19.0-2.4mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
6ba687eea8c90ed431d53368de7f5576 mes5/x86_64/curl-7.19.0-2.4mdvmes5.x86_64.rpm
12557f186c611d636ebb8a52ccff426a mes5/x86_64/curl-examples-7.19.0-2.4mdvmes5.x86_64.rpm
0466c50273c7db7b723777a58f5b4587 mes5/x86_64/lib64curl4-7.19.0-2.4mdvmes5.x86_64.rpm
e198157d07ebaaf8b1413f370b1fae2c mes5/x86_64/lib64curl-devel-7.19.0-2.4mdvmes5.x86_64.rpm
d102738ff3c559952c6dc6478dee0df4 mes5/SRPMS/curl-7.19.0-2.4mdvmes5.src.rpm

Multi Network Firewall 2.0:
27f87a6f0f1940d9b541c7f2e650603c mnf/2.0/i586/curl-7.11.0-2.5.M20mdk.i586.rpm
7d25724592e67047e35bb76b466dde5b mnf/2.0/i586/libcurl2-7.11.0-2.5.M20mdk.i586.rpm
c1d7e9ddaffe9a221a6ddea6e32d43ed mnf/2.0/i586/libcurl2-devel-7.11.0-2.5.M20mdk.i586.rpm
ed5728fd99cef864100de142ee2039ff mnf/2.0/SRPMS/curl-7.11.0-2.5.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLo/D0mqjQ0CJFipgRAhgEAKCQunr2q6HysglXPmluTn2QQqz7ngCcDiKX
RtR93loskahsQKDwC/Bqq7I=
=Iv6E
-----END PGP SIGNATURE-----

Related

nessus 22
openvas 31
osv 1
veracode 1
debian 1
freebsd 1
cve 1
oraclelinux 2
securityvulns 2
ubuntucve 1
prion 1
debiancve 1
redhat 2
centos 1
ubuntu 1
gentoo 1
vmware 2
nessus
nessus
Fedora 11 : curl-7.19.7-5.fc11 (2010-2720)
2010-07-01 00:00:00
FreeBSD : curl -- libcurl buffer overflow vulnerability (c8c31c41-49ed-11df-83fb-0015587e2cc1)
2010-04-20 00:00:00
Oracle Linux 5 : curl (ELSA-2010-0273)
2023-09-07 00:00:00
openvas
openvas
RedHat Update for curl RHSA-2010:0273-05
2010-04-06 00:00:00
Mandriva Update for drakxtools MDVA-2010:062-1 (drakxtools)
2010-02-19 00:00:00
CentOS Update for curl CESA-2010:0329 centos4 i386
2010-04-09 00:00:00
osv
osv
curl - arbitrary code execution
2010-03-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:42:41
debian
debian
[SECURITY] [DSA 2023-1] New curl packages fix arbitrary code execution
2010-03-28 02:23:43
freebsd
freebsd
curl -- libcurl buffer overflow vulnerability
2010-02-09 00:00:00
cve
cve
CVE-2010-0734
2010-03-19 19:30:00
oraclelinux
oraclelinux
curl security update
2010-03-30 00:00:00
curl security, bug fix and enhancement update
2010-04-05 00:00:00
securityvulns
securityvulns
libcurl / cURL DoS
2010-03-23 00:00:00
[USN-1158-1] curl vulnerabilities
2011-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2010-0734
2010-03-19 00:00:00
prion
prion
Code injection
2010-03-19 19:30:00
debiancve
debiancve
CVE-2010-0734
2010-03-19 19:30:00
redhat
redhat
(RHSA-2010:0273) Moderate: curl security, bug fix and enhancement update
2010-03-30 00:00:00
(RHSA-2010:0329) Moderate: curl security update
2010-03-30 00:00:00
centos
centos
curl security update
2010-04-06 20:45:29
ubuntu
ubuntu
curl vulnerabilities
2011-06-24 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2012-03-06 00:00:00
vmware
vmware
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
JSON
Related for SECURITYVULNS:DOC:23438
nessus22openvas31osv1veracode1debian1freebsd1cve1oraclelinux2securityvulns2ubuntucve1prion1debiancve1redhat2centos1ubuntu1gentoo1vmware2