Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 25 Apr 2013 13:22:12 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: curl on SL5.x, SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: curl security update Advisory ID: SLSA-2013:0771-1 Issue Date: 2013-04-24 CVE Numbers: CVE-2013-1944 -- A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts. (CVE-2013-1944) All running applications using libcurl must be restarted for the update to take effect. -- SL5 x86_64 curl-7.15.5-16.el5_9.i386.rpm curl-7.15.5-16.el5_9.x86_64.rpm curl-debuginfo-7.15.5-16.el5_9.i386.rpm curl-debuginfo-7.15.5-16.el5_9.x86_64.rpm curl-devel-7.15.5-16.el5_9.i386.rpm curl-devel-7.15.5-16.el5_9.x86_64.rpm i386 curl-7.15.5-16.el5_9.i386.rpm curl-debuginfo-7.15.5-16.el5_9.i386.rpm curl-devel-7.15.5-16.el5_9.i386.rpm SL6 x86_64 curl-7.19.7-36.el6_4.x86_64.rpm curl-debuginfo-7.19.7-36.el6_4.i686.rpm curl-debuginfo-7.19.7-36.el6_4.x86_64.rpm libcurl-7.19.7-36.el6_4.i686.rpm libcurl-7.19.7-36.el6_4.x86_64.rpm libcurl-devel-7.19.7-36.el6_4.i686.rpm libcurl-devel-7.19.7-36.el6_4.x86_64.rpm i386 curl-7.19.7-36.el6_4.i686.rpm curl-debuginfo-7.19.7-36.el6_4.i686.rpm libcurl-7.19.7-36.el6_4.i686.rpm libcurl-devel-7.19.7-36.el6_4.i686.rpm For dependency resolution the following packages were added to SL6 x86_64 libssh2-1.4.2-1.el6.i686.rpm libssh2-1.4.2-1.el6.x86_64.rpm libssh2-devel-1.4.2-1.el6.i686.rpm libssh2-devel-1.4.2-1.el6.x86_64.rpm libssh2-docs-1.4.2-1.el6.x86_64.rpm i386 libssh2-1.4.2-1.el6.i686.rpm libssh2-devel-1.4.2-1.el6.i686.rpm libssh2-docs-1.4.2-1.el6.i686.rpm - Scientific Linux Development Team