Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Gentoo: GLSA-200903-21 Normal: cURL Arbitrary File Access

gentoo
Calendar Grey March 9, 2009
Dist Gentoo Esm H88
Alerting regarding cURL file exposure flaw, recommending immediate patching. Level: Moderate, impacts Gentoo environments.
A vulnerability in cURL may allow for arbitrary file access.

Summary

Gentoo Linux Security Advisory GLSA 200903-21 https://security.gentoo.org/ Severity: Normal Title: cURL: Arbitrary file access Date: March 09, 2009 Bugs: #260361 ID: 200903-21

Synopsis ======= A vulnerability in cURL may allow for arbitrary file access.
Background ========= cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.19.4 >= 7.19.4
========== David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled.
Impact ===== A remote attacker could possibly exploit this v...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo update instructions file access curl normal

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo update instructions file access curl normal

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here