Debian: DSA-1738-1: New curl packages fix arbitrary file access
Summary
David Kierznowski discovered that libcurl, a multi-protocol file transfer
library, when configured to follow URL redirects automatically, does not
question the new target location. As libcurl also supports file:// and
scp:// URLs - depending on the setup - an untrusted server could use that
to expose local files, overwrite local files or even execute arbitrary
code via a malicious URL redirect.
This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by
default does not include the scp and file protocol handlers.
For the oldstable distribution (etch) this problem has been fixed in
version 7.15.5-1etch2.
For the stable distribution (lenny) this problem has been fixed in
version 7.18.2-8lenny2.
For the unstable distribution (sid) this problem has been fixed in
version 7.18.2-8.1.
We recommend that you upgrade your curl packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 956 0a164bd43dbfb582a049fe3a737a375b
Size/MD5 checksum: 1897973 61997c0d852d38c3a85b445f4fc02892
Size/MD5 checksum: 21635 47c30162c60f8192bce199f5fab0012d
Architecture independent packages:
Size/MD5 checksum: 22244 752d541336f513b3bfd0841e0868b472
alpha architecture (DEC Alpha)
Size/MD5 checksum: 166256 709d02b9dae8f4b0c7333d6f03c31628
Size/MD5 checksum: 816206 a36046c7827322a14d257bd3fb74010b
Size/MD5 checksum: 818778 967acf1522d86fdf56e84e1c5b22f147
Size/MD5 checksum: 809316 af0f20647d1a91d799dcbed6980428b7
Size/MD5 checksum: 181392 78c3b97fba2c35b5c5d1bf1eb5f1d908
Size/MD5 checksum: 174310 433c7e16f748f83db01989e8a249a101
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 164766 6f3f68c322aa54a5000975530ded729e
Size/MD5 checksum: 170058 f6fd6e8f7a3e030ca028a6750f666061
Size/MD5 checksum: 772142 5d3cdfcfdaf0604aeebfc395703d6df7
Size/MD5 checksum: 778626 490801518500a00caec9e45fb755c524
Size/MD5 checksum: 824964 a57398dfcbd49c33060a48671bed8a02
Size/MD5 checksum: 163446 7eaaea76d628e03e8ebdc580bff0b72b
arm architecture (ARM)
Size/MD5 checksum: 756884 8eed02667e02867ad3d130a40ad4f330
Size/MD5 checksum: 762352 b5720175a10c9f7333a2e8a298aac91d
Size/MD5 checksum: 783552 72af9664d85d8aa4ca0960da19554333
Size/MD5 checksum: 160536 c9fb486fd46228488f391d57a9d6edc8
Size/MD5 checksum: 165914 b1188bf4e4da054e04b77c4e8f27ca73
Size/MD5 checksum: 162598 a60ef14833ef5f5bad0bffbda329e326
hppa architecture (HP PA RISC)
Size/MD5 checksum: 164866 73bdea9c0a854221204e7d232a464ad7
Size/MD5 checksum: 184262 c681c1b066c2210aa0d84f1763a14bdb
Size/MD5 checksum: 798798 29f2ee940a221a567c8f9568202f6f85
Size/MD5 checksum: 178932 76c87584e67d0e9957110bb805a15946
Size/MD5 checksum: 791220 9d0a1827c563e72951420d6e869a348f
Size/MD5 checksum: 815004 47b6884a2e5ce2224d64fdc9c5852325
i386 architecture (Intel ia32)
Size/MD5 checksum: 163604 16def6f8c4d5068be2bba466f89dc329
Size/MD5 checksum: 759150 613d3cfa2de22d73706c4158f45a9380
Size/MD5 checksum: 766468 c32cd1d31c6078d4676b8046ddc56f07
Size/MD5 checksum: 168800 1fc225d65db9eb6508481bf2e5985d5d
Size/MD5 checksum: 163240 362b7152f99699f68c93ab89e821d8d0
Size/MD5 checksum: 800506 984abe71ca0999c8a587ed1b0042299a
ia64 architecture (Intel ia64)
Size/MD5 checksum: 811254 1992183aa065d3782a2992ea98c22a5a
Size/MD5 checksum: 838550 350899a4e4f86a672aeb2c3a2d011e94
Size/MD5 checksum: 174484 ac0a064f867f61c30ebd1cd7da6ea845
Size/MD5 checksum: 217504 032debd42a9a3cc08f65ee17097fe9d7
Size/MD5 checksum: 225458 a6beeb5551ffe3d09341160b368bf4f6
Size/MD5 checksum: 848606 b339d6517e49af9a30b5bed9a42c9222
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 784292 439b960fc26cd382f86bbfb20478d7b0
Size/MD5 checksum: 831916 dcfa7a779ae3cdac67cecf847dac0162
Size/MD5 checksum: 792482 357d60661e80f1ee887d2345a119b547
Size/MD5 checksum: 164020 c91e5b7e745e2179301d2e75be7d8ee2
Size/MD5 checksum: 165474 eff09f808ce9a23ce659aeeffea398f1
Size/MD5 checksum: 170646 650b55f89ad5530208e49e211f5aebeb
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 164056 b2cbeec53d1eef3e9d0e29adf797548b
Size/MD5 checksum: 792108 4fe7f7e85d02706503d1064895607831
Size/MD5 checksum: 165674 500cb0c319ee13c14f8d010b3c4457cc
Size/MD5 checksum: 811082 c61871a4ac26252046b4e161aeef2dd7
Size/MD5 checksum: 784546 b8ba2732071c34bbfe5c10927317f589
Size/MD5 checksum: 170522 0919591347253f65b44ddea61f49cbc7
powerpc architecture (PowerPC)
Size/MD5 checksum: 774490 f804de8b26ea6914f0283f79f71d72b2
Size/MD5 checksum: 781844 b53e33260b02761cd26c8780b8e81f2b
Size/MD5 checksum: 173906 edf0a2342f93af56ffb18a45a934ace3
Size/MD5 checksum: 841666 5df4b820f0f196560bd5796d0ad1bad7
Size/MD5 checksum: 165134 c62f63233f70e51a732c36492fd04ae9
Size/MD5 checksum: 169130 44d2765d66141ceb6c6626750a098aaa
s390 architecture (IBM S/390)
Size/MD5 checksum: 836322 26db7bd743a5c2141c6aee251a9cede0
Size/MD5 checksum: 179832 487db999849a4ac171d86d87d12d3f7f
Size/MD5 checksum: 163182 7be52b66b1f79a0d0f76d0183da4104a
Size/MD5 checksum: 768888 87b9a0f806f25692cd2f9a30bd0be9eb
Size/MD5 checksum: 172444 3d9a0b971714e2f9f6c7d15ce387bc93
Size/MD5 checksum: 774446 9c7cf8ac1154f4b8b71615ad8d48ed99
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 160204 433e751e98d9010f793cfacf4c809996
Size/MD5 checksum: 788794 2c4e9c34ccf365fa02bc1f1657e68f35
Size/MD5 checksum: 162412 1bab2e9e64b655babb5f1ef1b7271090
Size/MD5 checksum: 766110 cc724da5e7cc8b38376d1644d98a144e
Size/MD5 checksum: 165224 671413f03a06041a824630be23ded9e9
Size/MD5 checksum: 759596 2070bf93dadb3b3fe1aa387fb0f8e6c7
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 27675 3cc8e00a5145e9f8f35823f89170ed4e
Size/MD5 checksum: 1418 02c706202a50b3358769c4c1e9f1a120
Size/MD5 checksum: 2273077 4fe99398a64a34613c9db7bd61bf6e3c
alpha architecture (DEC Alpha)
Size/MD5 checksum: 211250 dcccf85073a2826d5af6e6d438f6c9f6
Size/MD5 checksum: 224420 33ead51af60c4e6ea8f08b16ebde1e06
Size/MD5 checksum: 985930 c90004e19361846cbded2fb615eb60ec
Size/MD5 checksum: 1150080 c3436b5c4979764699a7236674df93cf
Size/MD5 checksum: 241558 7d28ddb21b9a23f2e4b6302dea9ffc36
Size/MD5 checksum: 957810 49c87cfe63e61d4c905c2c481b1a88a2
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 214620 3d0a0aa6453df3486b5910e198275f84
Size/MD5 checksum: 1182662 c7a8138e99e78dd772758e4d1db098fe
Size/MD5 checksum: 230526 1d8262e5c8ce1baddb748a76b836ff79
Size/MD5 checksum: 951202 76dd51652be02ad2972cbb32df9cbe60
Size/MD5 checksum: 208912 e66d007bbedba4d7e838045e549c64b1
Size/MD5 checksum: 928736 6f66f5283ad91d0a2b4d56bd629e8305
armel architecture (ARM EABI)
Size/MD5 checksum: 223972 d139a82972490d1f706ec27cacddadac
Size/MD5 checksum: 920298 d740b279b624e6a475cb7d391f7b2c10
Size/MD5 checksum: 903750 c81c5db454d3263cd6ae51d16c933a6d
Size/MD5 checksum: 209142 e9f8cea7ff20b90a27e1a72a523b3d47
Size/MD5 checksum: 209082 a906ad9c5f72efd9cdd561aed4ca8dc9
Size/MD5 checksum: 1151506 7c7546f135977a859ddc976f73b6542d
hppa architecture (HP PA RISC)
Size/MD5 checksum: 939250 04c83feddcf78eaca8136bd4b15bee90
Size/MD5 checksum: 209462 8e62f5740ba733a9a8cde83f045873e2
Size/MD5 checksum: 227528 9905b63e7ffb02e1b6da0443ad99bbf6
Size/MD5 checksum: 244642 f127b127e9783af96664f67fab940458
Size/MD5 checksum: 960844 5c3918da2bdb2bcb6e5775935d101600
Size/MD5 checksum: 1173380 ef0c131c585f50dd3b1d494be681ad4c
i386 architecture (Intel ia32)
Size/MD5 checksum: 903896 766d2afb93354dc6cfccc719ca5d3a32
Size/MD5 checksum: 923838 54e2efa56e08277cd061ec142167b8f8
Size/MD5 checksum: 1155810 b481158475101fe14cd7086dd09b00ba
Size/MD5 checksum: 228434 806b581b9cb3e7b74b4c5b38d952d496
Size/MD5 checksum: 208184 310da7a3545fdd174ae3f7cf7a05d84e
Size/MD5 checksum: 210964 fde8c7b507ef8fca75b3b95557443568
ia64 architecture (Intel ia64)
Size/MD5 checksum: 274076 a242056cc5928023e19189e0dad47a54
Size/MD5 checksum: 1165456 63a88f4853c990bf6a26744b25ffcd65
Size/MD5 checksum: 991418 a81c668fb270734005c855f77fbaa1b2
Size/MD5 checksum: 296182 959638d94a18a01ee393a5388af95e9a
Size/MD5 checksum: 222326 8f7d1012c7920a818ff3387fd672582b
Size/MD5 checksum: 1019228 f1ee83304b03f4e168a3077577aee4ca
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 1193134 69792abd2ebb8ae27741fd5380a15c7d
Size/MD5 checksum: 227940 f59a95b1a51411e2df9f7646166b8bb0
Size/MD5 checksum: 212670 38196676b77101edb8d75e050ccdfa83
Size/MD5 checksum: 950332 3d0b559a946b285580c626796bd79619
Size/MD5 checksum: 208940 c4b370ba4637c34fb90b7241d94ad26e
Size/MD5 checksum: 929246 a3250ee1c064f637f4f8b80fe67cc126
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 208632 8e7b0faa4d0fcf82d4832c88040644a4
Size/MD5 checksum: 1169800 fec90115dd8a0a4159eb0b32f9d2f547
Size/MD5 checksum: 949916 4c476dd885c52cc5de342bf739d84f65
Size/MD5 checksum: 212332 d9cccbe468c2228b96c662fab496a06e
Size/MD5 checksum: 928636 b3e28a026e7deb8cce632c63b2a7a140
Size/MD5 checksum: 227638 75ad8b0dd97c093ff56338d856df7383
powerpc architecture (PowerPC)
Size/MD5 checksum: 941020 0f242ff442fea24f03c33af08d9e6c75
Size/MD5 checksum: 1179540 551daec15eb2ce16e000b2201dba167c
Size/MD5 checksum: 212734 57c377e5cbef3618e283a1e187045598
Size/MD5 checksum: 238114 440e40511e414c3a0c3a4f4bfd479a41
Size/MD5 checksum: 922274 73c54c0b54c83950728f60d8cc1727ea
Size/MD5 checksum: 222642 74220c8c71a4a5d9af54694d9777a9b0
s390 architecture (IBM S/390)
Size/MD5 checksum: 223330 8c5ca7bc3655a68e2fc33d11ecc06865
Size/MD5 checksum: 209294 e28839caee56080274e61541e035af52
Size/MD5 checksum: 1190688 bd391c517d8ec4b5179f753ef73825a9
Size/MD5 checksum: 931312 dc473f1db5201689c7cb15f41929f780
Size/MD5 checksum: 239904 5f08a1a17220525e249e6dec32a21bfb
Size/MD5 checksum: 912728 368e5d51de6826fce49b35e728a52dda
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 207660 84f75b95a33d19a1027b281c136f38ca
Size/MD5 checksum: 208576 4ac3ac2bb012ba68a1872620cc90e3a3
Size/MD5 checksum: 1134708 3403c94f0c0c32c1e964364337132456
Size/MD5 checksum: 222562 990364878bde2699a2af470013f90fce
Size/MD5 checksum: 902436 8f221c8abaab29401bd0434b9add83c8
Size/MD5 checksum: 918590 2d0b3f1dc2882cc2446ed708c2f2b55e
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
