SciLinux: CVE-2010-0734 Moderate: curl SL5.x i386/x86_64
Summary
the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue only affected applications using libcurl that rely on the documented data size limit, and that copy the data to the insufficiently sized buffer. (CVE-2010-0734)

This update also fixes the following bugs:

* when using curl to upload a file, if the connection was broken or reset by the server during the transfer, curl immediately started using 100% CPU and failed to acknowledge that the transfer had failed. With this update, curl displays an appropriate error message and exits when an upload fails mid-transfer due to a broken or reset connection. (BZ#479967)

* libcurl experienced a segmentation fault when attempting to reuse a connection after performing GSS-negotiate authentication, which in turn caused the curl program to crash. This update fixes this bug so that reused connections are able to be successfully established even after GSS-negotiate authentication has been performed. (BZ#517199)

As well, this update adds the following enhancements:

* curl now supports loading Certificate Revocation Lists (CRLs) from a Privacy Enhanced Mail (PEM) file. When curl attempts to access sites that have had their certificate revoked in a CRL, curl refuses access to those sites. (BZ#532069)

* the curl(1) manual page has been updated to clarify that the LDAP protocols. (BZ#473128)

* the curl utility's program help, which is accessed by running "curl

All running applications using libcurl must be restarted for the update to take effect.

SL 5.x

SRPMS:
curl-7.15.5-9.el5.src.rpm

i386:
curl-7.15.5-9.el5.i386.rpm
curl-devel-7.15.5-9.el5.i386.rpm

x86_64:
curl-7.15.5-9.el5.i386.rpm
curl-7.15.5-9.el5.x86_64.rpm
curl-devel-7.15.5-9.el5.i386.rpm
curl-devel-7.15.5-9.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
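For applications that fit the advisory's note (they copy callback data into a buffer sized to the documented limit), the following added example, which is not part of the advisory or of curl's own code, shows a libcurl-style write callback that checks against its own buffer capacity instead. It assumes the limit in question is libcurl's CURL_MAX_WRITE_SIZE (16384 bytes by default); sink_t, SINK_CAP, both callbacks and deliver_once are illustrative names, and the payload is constructed.

```c
#include <stdio.h>
#include <string.h>
#define SINK_CAP 16384 /* buffer sized to libcurl's documented CURL_MAX_WRITE_SIZE */

typedef struct {            /* sink_t and all names below are illustrative */
    char   data[SINK_CAP];
    size_t len;             /* bytes stored so far */
    int    overflow;        /* set when a delivery was refused */
} sink_t;

/* Pattern the advisory describes: trusts size*nmemb <= SINK_CAP. Contrast only. */
size_t write_cb_trusting(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    memcpy(((sink_t *)userdata)->data, ptr, size * nmemb); /* no bounds check */
    return size * nmemb;
}

/* Hardened: check against the buffer's own remaining space, not the documented limit. */
size_t write_cb_checked(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    sink_t *s = userdata;
    if (size != 0 && nmemb > (size_t)-1 / size) { s->overflow = 1; return 0; }
    size_t n = size * nmemb;
    if (n > SINK_CAP - s->len) {             /* would not fit */
        s->overflow = 1;
        return 0;  /* a return value != n makes libcurl abort with CURLE_WRITE_ERROR */
    }
    memcpy(s->data + s->len, ptr, n);
    s->len += n;
    return n;
}

/* Constructed input: hand one n-byte chunk (n <= 65536) to a fresh sink. */
size_t deliver_once(size_t n, int *overflow)
{
    static char chunk[65536];                /* zero-filled sample payload */
    sink_t s = { .len = 0, .overflow = 0 };
    size_t r = write_cb_checked(chunk, 1, n, &s);
    *overflow = s.overflow;
    return r;
}

int main(void)
{
    int f;
    size_t r = deliver_once(65536, &f);
    printf("65536-byte chunk: stored=%zu refused=%d\n", r, f);
    return 0;
}
```

The checked callback would be registered with CURLOPT_WRITEFUNCTION and the sink passed through CURLOPT_WRITEDATA.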