Scientific Linux: CVE-2010-0734 Moderate: curl Buffer Overflow Risk

Apr 02, 2010 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory moderate buffer overflow arbitrary code execution application crash curl Scientific Linux

Moderate: curl security update

Date: Fri, 2 Apr 2010 11:12:17 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Moderate: curl on SL4.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Synopsis:	Moderate: curl security update
Issue date:	2010-03-30
CVE Names:	CVE-2010-0734

Wesley Miaw discovered that when deflate compression was used, libcurl
could call the registered write callback function with data exceeding
the documented limit. A malicious server could use this flaw to crash an
application using libcurl or, potentially, execute arbitrary code. Note:
This issue only affected applications using libcurl that rely on the
documented data size limit, and that copy the data to the insufficiently
sized buffer. (CVE-2010-0734)

All running applications using libcurl must be restarted for the update
to take effect.

Note: This package for SL4 has to be renamed due to previous poor naming
of rpms.

SL 4.x

 SRPMS:
curl-7.12.1-11.2.el4_8.3.src.rpm
 i386:
curl-7.12.1-11.2.el4_8.3.i386.rpm
curl-devel-7.12.1-11.2.el4_8.3.i386.rpm
 x86_64:
curl-7.12.1-11.2.el4_8.3.i386.rpm
curl-7.12.1-11.2.el4_8.3.x86_64.rpm
curl-devel-7.12.1-11.2.el4_8.3.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here