Family: Debian Local Security Checks --> Category: infos
[DSA919] DSA-919-2 curl Vulnerability Scan
Vulnerability Scan Summary DSA-919-2 curl
Detailed Explanation for this Vulnerability Test
The upstream developer of curl, a multi-protocol file transfer
library, informed us that the former correction to several off-by-one
errors is not sufficient. For completeness, please find the original
bug description below:
Several problems were discovered in libcurl, a multi-protocol file
transfer library. The Common Vulnerabilities and Exposures project
identifies the following problems:
A buffer overflow has been discovered in libcurl
that could allow the execution of arbitrary code.
Stefan Esser discovered several off-by-one errors that allow
local users to trigger a buffer overflow and cause a denial of
service or bypass PHP security restrictions via certain URLs.
For the old stable distribution (woody) these problems have been fixed in
version 7.9.5-1woody2.
For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge5. This update also includes a bugfix against
data corruption.
For the unstable distribution (sid) these problems have been fixed in
version 7.15.1-1.
We recommend that you upgrade your libcurl packages.
Solution : http://www.debian.org/security/2005/dsa-919
Threat Level: High