Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Slackware 12.2 SSA:2009-226-01 Critical: curl Security Update

slackware
Calendar Grey August 14, 2009
Dist Slackware Esm H88
Recent curl updates resolve a significant security vulnerability impacting Slackware installations across various versions. Update immediately!
New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 12.2 ChangeLog: patches/packages/curl-7.19.6-i486-1_slack12.2.tgz: This update fixes a security issue where a zero byte embedded in an SSL or TLS certificate could fool cURL into validating the security of a connection to a system that the certificate was not issued for. It has been reported that at least one Certificate Authority allowed such certificates to be issued. For more information, see: https://curl.se/docs/security.html https://www.cve.org/CVERecord?id=CVE-2009-2417 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical issue security fix Slackware curl update

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/curl-7.10.7-i486-4_slack9.1.tgz
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/curl-7.12.2-i486-4_slack10.0.tgz
Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/curl-7.12.2-i486-4_slack10.1.tgz
Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages...

Read the Full Advisory

MD5 Signatures

Slackware 9.1 package: bba430efe6f1dade827dcc3e02f43d96 curl-7.10.7-i486-4_slack9.1.tgz
Slackware 10.0 package: a11a61820055ee6bec823203ed93d13c curl-7.12.2-i486-4_slack10.0.tgz
Slackware 10.1 package: a60d0bd5ba6552e5b063dca7b19599fd curl-7.12.2-i486-4_slack10.1.tgz
Slackware 10.2 package: af8ea0e0889749895bcadb44b329e287 curl-7.12.2-i486-4_slack10.2.tgz
Slackware 11.0 package: acd48f09056cd46b147c6835920e334d curl-7.15.5-i486-3_slack11.0.tgz
Slackware 12.0 package: 0660de46f0c0d4452416f2a98b0a9e76 curl-7.16.2-i486-3_slack12.0.tgz
Slackware 12.1 package: 5d5675c15841f3d4d08adaa46d47a7c9 curl-7.16.2-i486-3_slack12.1.tgz
Slackware 12.2 package: 84b10d8abbf1fb5537ddd9ab230eed9e curl-7.19.6-i486-1_slack12.2.tgz
Slackware -current package: ac265914bd49021d656a979470cd8857 curl-7.19.6-i486-1.txz
Slackware64 -current package: c4eb4c333af7854e6a256074d06e5358 curl-7.19.6-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical issue security fix Slackware curl update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg curl-7.19.6-i486-1_slack12.2.tgz

Your message here