Fedora 11: Important Patch Released for Curl Security Vulnerability Fix

cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS,

DICT, TELNET and TFTP servers, using any of the supported protocols.

cURL is designed to work without user interaction or any kind of

interactivity. cURL offers many useful capabilities, like proxy support,

user authentication, FTP upload, HTTP post, and file transfer resume.

Update to curl-7.19.4 fixes CVE-2009-0037.

* Tue Mar 3 2009 Jindrich Novy 7.19.4-1

- update to 7.19.4 (fixes CVE-2009-0037)

- fix leak in curl_easy* functions, thanks to Kamil Dudka

- drop nss-proxy, sslgen, nss-init patches

- update badsocket patch

* Mon Dec 15 2008 Jindrich Novy 7.18.2-9

- release++ because of tag conflict caused by f10/rawhide branch split

* Sun Dec 14 2008 Jindrich Novy 7.18.2-8

- use improved NSS patch, thanks to Rob Crittenden (#472489)

[ 1 ] Bug #485271 - CVE-2009-0037 curl: local file access via unsafe redirects

https://bugzilla.redhat.com/show_bug.cgi?id=485271

su -c 'yum update curl' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/