First published: Tue Mar 30 2010
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue only affected applications using libcurl that rely on the documented data size limit, and that copy the data to the insufficiently sized buffer. (CVE-2010-0734)

Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.
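The application-side pattern the note describes, next to a callback that checks the length it is actually given. This is an added example, not code from curl or from the advisory: `chunk_sink`, `unsafe_write_cb`, `checked_write_cb` and `DOC_WRITE_LIMIT` are hypothetical names, the limit value is assumed to match libcurl's `CURL_MAX_WRITE_SIZE`, and the callbacks follow the libcurl write-callback signature without linking libcurl.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: mirrors libcurl's documented per-call limit, CURL_MAX_WRITE_SIZE. */
#define DOC_WRITE_LIMIT 16384

/* Hypothetical application state: a staging buffer sized to that limit. */
struct chunk_sink {
    char   buf[DOC_WRITE_LIMIT];
    size_t len;       /* bytes currently held in buf */
    size_t rejected;  /* oversized deliveries refused */
};

/* Affected pattern: trusts the documented limit, so memcpy() overruns
 * buf whenever size * nmemb exceeds DOC_WRITE_LIMIT. */
size_t unsafe_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct chunk_sink *s = userdata;
    memcpy(s->buf, ptr, size * nmemb);
    s->len = size * nmemb;
    return s->len;
}

/* Hardened form: refuses a wrapped product or anything larger than buf. */
size_t checked_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct chunk_sink *s = userdata;
    if ((size != 0 && nmemb > SIZE_MAX / size) || size * nmemb > sizeof s->buf) {
        s->rejected++;
        return 0;  /* returning less than was passed aborts the transfer */
    }
    memcpy(s->buf, ptr, size * nmemb);
    s->len = size * nmemb;
    return s->len;
}

int main(void)
{
    static struct chunk_sink sink;   /* zero-initialised */
    char *big = calloc(1, 20000);    /* constructed oversized chunk */
    if (big == NULL) return 1;
    printf("oversized -> %zu\n", checked_write_cb(big, 1, 20000, &sink));
    printf("in-limit  -> %zu\n", checked_write_cb(big, 1, 4096, &sink));
    free(big);
    return 0;
}
```

A callback written like `checked_write_cb` stays safe on an unpatched libcurl, but the package update is still what stops the library from delivering oversized data.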
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/curl | <7.12.1-11.1.el4_8.3 | 7.12.1-11.1.el4_8.3 |
redhat/curl-devel | <7.12.1-11.1.el4_8.3 | 7.12.1-11.1.el4_8.3 |