Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Slackware 12.2 2009-069-01 Critical: Curl Automatic Redirection Threat

slackware
Calendar Grey March 10, 2009
Dist Slackware Esm H88
Fresh curl distributions have just been released for Slackware to resolve a significant redirect vulnerability and enhance overall security.
New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 12.2 ChangeLog: patches/packages/curl-7.19.4-i486-1_slack12.2.tgz: Upgraded to curl-7.19.4. This fixes a security issue where automatic redirection could be made to follow file:// URLs, reading or writing a local instead of remote file. For more information, see: https://www.cve.org/CVERecord?id=CVE-2009-0037 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical threat Slackware fix curl redirection

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:

MD5 Signatures

Slackware 9.1 package: 9518e396ad90a20241bb6f370fc905bc curl-7.10.7-i486-3_slack9.1.tgz
Slackware 10.0 package: 139a92d6df8f87fbc72f2ea656295148 curl-7.12.2-i486-3_slack10.0.tgz
Slackware 10.1 package: fd2c0ec5d8e2f92882d55762c159486f curl-7.12.2-i486-3_slack10.1.tgz
Slackware 10.2 package: 625671543d37a8b247b83cd5833e3511 curl-7.12.2-i486-3_slack10.2.tgz
Slackware 11.0 package: 64fce363f0990a0eeeaf1b793720eccc curl-7.15.5-i486-2_slack11.0.tgz
Slackware 12.0 package: 6e8f47b4d3511e4ca9518a9971650207 curl-7.16.2-i486-2_slack12.0.tgz
Slackware 12.1 package: 8b6a84bf71876bec8b293f70fcf3c54f curl-7.16.2-i486-2_slack12.1.tgz
Slackware 12.2 package: 307b33a3558daada6a3aeb260e3a450c curl-7.19.4-i486-1_slack12.2.tgz
Slackware -current package: 9869d016c4b261562dcfd63d9b58a8e8 curl-7.19.4-i486-1.tgz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical threat Slackware fix curl redirection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg curl-7.19.4-i486-1_slack12.2.tgz

Related News

Your message here