Moderate: curl (SL5, SL6)

Synopsis: Moderate: curl security update
Advisory ID: SLSA-2013:0983-1
Issue Date: 2013-06-25
CVE Numbers: CVE-2013-2174

A heap-based buffer overflow flaw was found in the way libcurl unescaped
URLs. A remote attacker could provide a specially-crafted URL that, when
processed by an application using libcurl that handles untrusted URLs,
would possibly cause it to crash or, potentially, execute arbitrary code.
(CVE-2013-2174)

All running applications using libcurl must be restarted for the update to
take effect.

SL5
x86_64
curl-7.15.5-17.el5_9.i386.rpm
curl-devel-7.15.5-17.el5_9.i386.rpm
curl-7.15.5-17.el5_9.x86_64.rpm
curl-devel-7.15.5-17.el5_9.x86_64.rpm
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.x86_64.rpm
i386
curl-7.15.5-17.el5_9.i386.rpm
curl-devel-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
srpm
curl-7.15.5-17.el5_9.src.rpm
noarch
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.x86_64.rpm
SL6
x86_64
libcurl-7.19.7-37.el6_4.x86_64.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm
curl-7.19.7-37.el6_4.x86_64.rpm
libcurl-devel-7.19.7-37.el6_4.x86_64.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
srpm
curl-7.19.7-37.el6_4.src.rpm
i386
curl-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
noarch
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm

– Scientific Linux Development Team