Debian: 'curl' and 'curl-ssl' updates

    Date: 13 Oct 2000
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory
    http://www.debian.org/security/                         Wichert Akkerman
    October 13, 2000
    - ------------------------------------------------------------------------
    
    
    Package        : curl and curl-ssl
    Problem type   : remote exploit
    Debian-specific: no
    
    The version of curl as distributed with Debian GNU/Linux 2.2 had a bug
    in the error logging code: when it created an error message it failed to
    check the size of the buffer allocated for storing the message. This
    could be exploited by the remote machine by returning an invalid
    response to a request from curl which overflows the error buffer and
    tricks curl into executing arbitrary code.
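
The bug class described above, as an added C illustration (not curl's source and not part of the advisory): an error-message formatter that ignores the buffer size, next to one that enforces it. ERRBUF_SIZE, the function names and the sample reply are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 256  /* assumed size; the advisory does not give curl's */

/* Unchecked pattern (for comparison, never called here): vsprintf() writes as
 * many bytes as the expanded format needs, so a long reply runs past errbuf. */
void set_error_unchecked(char *errbuf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(errbuf, fmt, ap);
    va_end(ap);
}

/* Bounded pattern: vsnprintf() writes at most size bytes and NUL-terminates.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error. */
int set_error_bounded(char *errbuf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int needed;
    if (errbuf == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    needed = vsnprintf(errbuf, size, fmt, ap);
    va_end(ap);
    if (needed < 0) { errbuf[0] = '\0'; return -1; }
    return (size_t)needed >= size;
}

/* Constructed input: a peer reply of reply_len bytes is logged into a buffer
 * followed by a guard. Returns the truncation flag, or -2 if the guard was
 * modified or the message is not terminated inside errbuf. */
int demo_reply(size_t reply_len)
{
    struct { char errbuf[ERRBUF_SIZE]; char guard[8]; } s;
    static char reply[4096];
    if (reply_len >= sizeof reply) reply_len = sizeof reply - 1;
    memset(reply, 'A', reply_len);
    reply[reply_len] = '\0';
    memset(s.guard, 'G', sizeof s.guard);
    int truncated = set_error_bounded(s.errbuf, sizeof s.errbuf,
                                      "unexpected server reply: %s", reply);
    if (memcmp(s.guard, "GGGGGGGG", 8) != 0 || !memchr(s.errbuf, '\0', sizeof s.errbuf))
        return -2;
    return truncated;
}
```

The return value lets a caller log that a peer-supplied message was cut short, which is itself a useful signal of a malformed or hostile response.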
    
    Debian ships with two versions of curl: the normal curl package, and the
    crypto-enabled curl-ssl package. This bug has been fixed in curl version
    6.0-1.1 and curl-ssl version 6.0-1.2.
    
    We recommend you upgrade your curl or curl-ssl package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      Slink did not contain curl or curl-ssl.
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
      this moment packages for m68k are not yet available; they will later be
      announced on http://security.debian.org/ .
    
      Fixed curl-ssl packages:
    
      Source archives:
        
    http://security.debian.org/dists/stable/updates/main/source/curl-ssl_6.0-1.2.diff.gz
          MD5 checksum: bdfd882127d9f246402be6f9cc8d02d3
        
    http://security.debian.org/dists/stable/updates/main/source/curl-ssl_6.0-1.2.dsc
          MD5 checksum: 965a98adeb70df08f5219565c5d2a0cb
     
    http://security.debian.org/dists/stable/updates/main/source/curl-ssl_6.0.orig.tar.gz
          MD5 checksum: dffbc34bc3c19d8e8c6a11495aa744fe
    
      Alpha architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/curl-ssl_6.0-1.2_alpha.deb
          MD5 checksum: 2c8992652534aa6d7e2fc95473a469a7
    
      ARM architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-arm/curl-ssl_6.0-1.2_arm.deb
          MD5 checksum: 168a025e9374b2f96eeae3736bff094f
    
      Intel ia32 architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/curl-ssl_6.0-1.2_i386.deb
          MD5 checksum: 7ad6efee7ec787a450911fbc40111468
    
      PowerPC architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/curl-ssl_6.0-1.2_powerpc.deb
          MD5 checksum: 1d62c52cbb711cea17c375978de09e7f
    
      Sun Sparc architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/curl-ssl_6.0-1.2_sparc.deb
          MD5 checksum: c631f9b4f4789d6ba779d8ebc5ec4867
    
    
      Fixed curl packages:
    
      Source archives:
        
    http://security.debian.org/dists/stable/updates/main/source/curl_6.0-1.1.diff.gz
          MD5 checksum: a95dde95e6a072bd44a8e59b9f3d0e49
        
    http://security.debian.org/dists/stable/updates/main/source/curl_6.0-1.1.dsc
          MD5 checksum: d35d95a7e1b8e1d19692d27edecd2155
        
    http://security.debian.org/dists/stable/updates/main/source/curl_6.0.orig.tar.gz
          MD5 checksum: dffbc34bc3c19d8e8c6a11495aa744fe
    
      Alpha architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/curl_6.0-1.1_alpha.deb
          MD5 checksum: dbbe286ceabcd21e398f5bf9566182d0
    
      ARM architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-arm/curl_6.0-1.1_arm.deb
          MD5 checksum: 9fb58f2b273e68b3ba00ebcf53737fa4
    
      Intel ia32 architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/curl_6.0-1.1_i386.deb
          MD5 checksum: 36bd0030616c54c60fb0ba2df5c31530
    
      PowerPC architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/curl_6.0-1.1_powerpc.deb
          MD5 checksum: d0cb857833f793276bd467773c3e58cf
    
      Sun Sparc architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/curl_6.0-1.1_sparc.deb
          MD5 checksum: 99f5c19a778e67eec371b316202274c0
    
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main