Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30441
HistoryApr 01, 2014 - 12:00 a.m.

[slackware-security] curl (SSA:2014-086-01)

2014-04-0100:00:00
vulners.com
31
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2014-086-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
±-------------------------+
patches/packages/curl-7.36.0-i486-1_slack14.1.txz: Upgraded.
This update fixes four security issues.
For more information, see:
http://curl.haxx.se/docs/adv_20140326A.html
http://curl.haxx.se/docs/adv_20140326B.html
http://curl.haxx.se/docs/adv_20140326C.html
http://curl.haxx.se/docs/adv_20140326D.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
(* Security fix *)
±-------------------------+

Where to find the new packages:
±----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.36.0-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.36.0-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.36.0-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.36.0-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.36.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.36.0-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.36.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.36.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.36.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.36.0-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.36.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.36.0-x86_64-1.txz

MD5 signatures:
±------------+

Slackware 13.0 package:
f2bfd8ac585b27cecc518de2b33412c2 curl-7.36.0-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
0f8dc655f260987c8d78d5bea833d8f7 curl-7.36.0-x86_64-1_slack13.0.txz

Slackware 13.1 package:
7cf1f0ea7dedff527946299e7236e77e curl-7.36.0-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
177375acc8683037988a13a398f1a29e curl-7.36.0-x86_64-1_slack13.1.txz

Slackware 13.37 package:
606c382d315b1067ef1fd3b7845bb9e6 curl-7.36.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
8ec5e086ae682d778a5c2c986dd79906 curl-7.36.0-x86_64-1_slack13.37.txz

Slackware 14.0 package:
dd7126a5f92f7f94df9115ffcdb40012 curl-7.36.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
a8e496fec60861ce499a349343073468 curl-7.36.0-x86_64-1_slack14.0.txz

Slackware 14.1 package:
2bbd15ebfb4c4b97c5a0d9962e9b1e5d curl-7.36.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
c8dc094b835d8c34a9637abd84b3c89b curl-7.36.0-x86_64-1_slack14.1.txz

Slackware -current package:
06673155a798e92a4b2cdc5a52dba87f n/curl-7.36.0-i486-1.txz

Slackware x86_64 -current package:
a52032963ab98107a50675b4f212481b n/curl-7.36.0-x86_64-1.txz

Installation instructions:
±-----------------------+

Upgrade the package as root:

upgradepkg curl-7.36.0-i486-1_slack14.1.txz

±----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

±-----------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
±-----------------------------------------------------------------------+
| Send an email to [email protected] with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
±-----------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlM176AACgkQakRjwEAQIjOcAACeOQryVvuABStufS/APbJg03IP
v8YAn3/+kqsJ9+Di3VLAO9jvwb+jDIKY
=rbfp
-----END PGP SIGNATURE-----

Related

securityvulns 5
slackware 1
nessus 31
ibm 11
openvas 31
osv 3
debian 2
gentoo 1
ubuntu 1
fedora 5
f5 6
mageia 2
hackerone 1
debiancve 4
prion 4
veracode 4
seebug 2
cve 4
alpinelinux 2
ubuntucve 3
redhat 2
centos 1
oraclelinux 1
amazon 1
vmware 2
ics 1
rosalinux 1
oracle 1
securityvulns
securityvulns
curl multiple security vulnerabilities
2014-04-01 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
Apple Mac OS X multiple security vulnerabilities
2014-02-28 00:00:00
slackware
slackware
[slackware-security] curl
2014-03-28 22:53:36
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2014-086-01)
2014-03-31 00:00:00
cURL/libcURL 7.x < 7.35.0 Multiple Vulnerabilities
2014-03-31 00:00:00
openSUSE Security Update : curl (openSUSE-SU-2014:0598-1)
2014-06-13 00:00:00
ibm
ibm
Security Bulletin: IBM ToolsCenter is affected by several cURL potential vulnerabilities (CVE-2014-0015, CVE-2014-0139, CVE-2014-0138, CVE-2014-2522)
2019-01-31 01:25:01
Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by the following libcURL vulnerabilities: (CVE-2014-0139, CVE-2014-0138)
2018-06-17 14:42:46
Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-138, CVE-2014-0139)
2019-01-31 01:35:01
openvas
openvas
Ubuntu Update for curl USN-2167-1
2014-04-15 00:00:00
Debian Security Advisory DSA 2902-1 (curl - security update)
2014-04-13 00:00:00
Ubuntu Update for curl USN-2167-1
2014-04-15 00:00:00
osv
osv
curl - security update
2014-04-13 00:00:00
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-0138
2014-04-15 14:55:00
debian
debian
[SECURITY] [DSA 2902-1] curl security update
2014-04-13 08:26:48
[SECURITY] [DSA 2902-1] curl security update
2014-04-13 08:26:48
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-06-22 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2014-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-curl-7.37.0-1.fc20
2014-06-10 02:52:24
[SECURITY] Fedora 19 Update: mingw-curl-7.37.0-1.fc19
2014-06-10 03:11:23
[SECURITY] Fedora 20 Update: mingw-curl-7.39.0-1.fc20
2015-01-02 05:06:39
f5
f5
K15862 : Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
SOL15873 - cURL/libcURL vulnerability CVE-2014-2522
2014-11-27 00:00:00
mageia
mageia
Updated curl packages fix multiple vulnerabilities
2014-04-03 04:56:35
Updated lftp packages fix CVE-2014-0139
2015-04-24 00:14:25
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
debiancve
debiancve
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-2522
2014-04-18 22:14:00
CVE-2014-1263
2014-02-27 01:55:00
prion
prion
Design/Logic Flaw
2014-04-15 14:55:00
Code injection
2014-02-27 01:55:00
Code injection
2014-04-18 22:14:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-06-10 05:39:48
Improper Validation
2018-08-13 17:40:23
Man-in-the-Middle (MitM)
2018-08-14 05:36:50
seebug
seebug
cURL/libcURL SSL证书验证安全限制绕过漏洞
2014-03-21 00:00:00
Apple Mac OS X多个安全漏洞(APPLE-SA-2014-02-25-1)
2014-02-26 00:00:00
cve
cve
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-1263
2014-02-27 01:55:00
CVE-2014-2522
2014-04-18 22:14:00
alpinelinux
alpinelinux
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-0138
2014-04-15 14:55:00
ubuntucve
ubuntucve
CVE-2014-0139
2014-03-27 00:00:00
CVE-2014-2522
2014-04-18 00:00:00
CVE-2014-0138
2014-03-27 00:00:00
redhat
redhat
(RHSA-2014:0561) Moderate: curl security and bug fix update
2014-05-27 00:00:00
(RHSA-2014:0629) Important: rhev-hypervisor6 security update
2014-06-05 00:00:00
centos
centos
curl, libcurl security update
2014-05-28 12:52:04
oraclelinux
oraclelinux
curl security and bug fix update
2014-05-27 00:00:00
amazon
amazon
Medium: curl
2014-04-10 23:54:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30441
securityvulns5slackware1nessus31ibm11openvas31osv3debian2gentoo1ubuntu1fedora5f56mageia2hackerone1debiancve4prion4veracode4seebug2cve4alpinelinux2ubuntucve3redhat2centos1oraclelinux1amazon1vmware2ics1rosalinux1oracle1