Synopsis: Moderate: curl security update
Advisory ID: SLSA-2013:0771-1
Issue Date: 2013-04-24
CVE Numbers: CVE-2013-1944
—
A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against libcurl
sending the wrong cookie if only part of the domain name matched the
domain associated with the cookie, disclosing the cookie to unrelated
hosts. (CVE-2013-1944)
All running applications using libcurl must be restarted for the update to
take effect.
—
SL5
x86_64
curl-7.15.5-16.el5_9.i386.rpm
curl-7.15.5-16.el5_9.x86_64.rpm
curl-debuginfo-7.15.5-16.el5_9.i386.rpm
curl-debuginfo-7.15.5-16.el5_9.x86_64.rpm
curl-devel-7.15.5-16.el5_9.i386.rpm
curl-devel-7.15.5-16.el5_9.x86_64.rpm
i386
curl-7.15.5-16.el5_9.i386.rpm
curl-debuginfo-7.15.5-16.el5_9.i386.rpm
curl-devel-7.15.5-16.el5_9.i386.rpm
SL6
x86_64
curl-7.19.7-36.el6_4.x86_64.rpm
curl-debuginfo-7.19.7-36.el6_4.i686.rpm
curl-debuginfo-7.19.7-36.el6_4.x86_64.rpm
libcurl-7.19.7-36.el6_4.i686.rpm
libcurl-7.19.7-36.el6_4.x86_64.rpm
libcurl-devel-7.19.7-36.el6_4.i686.rpm
libcurl-devel-7.19.7-36.el6_4.x86_64.rpm
i386
curl-7.19.7-36.el6_4.i686.rpm
curl-debuginfo-7.19.7-36.el6_4.i686.rpm
libcurl-7.19.7-36.el6_4.i686.rpm
libcurl-devel-7.19.7-36.el6_4.i686.rpm
For dependency resolution the following packages were added to SL6
x86_64
libssh2-1.4.2-1.el6.i686.rpm
libssh2-1.4.2-1.el6.x86_64.rpm
libssh2-devel-1.4.2-1.el6.i686.rpm
libssh2-devel-1.4.2-1.el6.x86_64.rpm
libssh2-docs-1.4.2-1.el6.x86_64.rpm
i386
libssh2-1.4.2-1.el6.i686.rpm
libssh2-devel-1.4.2-1.el6.i686.rpm
libssh2-docs-1.4.2-1.el6.i686.rpm
– Scientific Linux Development Team
