[bluewhite64-security] curl (BW64SA:20090311-01)
Hash: SHA1
[bluewhite64-security] curl (BW64SA:20090311-01)
New curl packages are available for Bluewhite64 11.0, 12.0, 12.1,
12.2 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
Here are the details from the Bluewhite64 12.2 ChangeLog:
+--------------------------+
PATCHES/packages/curl-7.19.4-x86_64-1.tgz: Upgraded to curl-7.19.4.
This fixes a security issue where automatic redirection could be made to
follow file:// URLs, reading or writing a local instead of remote file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/curl-7.15.5-x86_64-2.tgz
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/curl-7.16.2-x86_64-2.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/curl-7.16.2-x86_64-2.tgz
Updated package for Bluewhite64 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/curl-7.19.4-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 11.0 package:
251d530058184f12a1fcfc74f4cc56cb curl-7.15.5-x86_64-2.tgz
Bluewhite64 12.0 package:
5259617a0beed71534ec5c978fe28a9c curl-7.16.2-x86_64-2.tgz
Bluewhite64 12.1 package:
263b2f07f2a0291e3802b0d36a6f3f56 curl-7.16.2-x86_64-2.tgz
Bluewhite64 12.2 package:
6c5d201abf30f00deb95afe1914ad20d curl-7.19.4-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg curl-7.19.4-x86_64-1.tgz
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm3b2YACgkQpTOsxuDdlY6e7gCfVx5YHvuIRtjFyNp5z/wle++E
mgUAni0mGufTYGRT/Ktzc5rGLSkW235Y
=O9uH
-----END PGP SIGNATURE-----