[Bluewhite64 Linux Security] curl [BW64SA:20090817-01]
Hash: SHA1
[Bluewhite64 Linux Security] curl [BW64SA:20090817-01]
New curl packages are available for 12.0, 12.1, 12.2, and -current
to fix a security issue.
For more information, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/curl-7.19.6-x86_64-1.tgz:
This update fixes a security issue where a zero byte embedded in an SSL
or TLS certificate could fool cURL into validating the security of a
connection to a system that the certificate was not issued for. It has
been reported that at least one Certificate Authority allowed such
certificates to be issued.
For more information, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
[*** Security fix ***]
- --------------------------
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/curl-7.16.2-x86_64-3.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/curl-7.16.2-x86_64-3.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/curl-7.19.6-x86_64-1.tgz
For Bluewhite64 Linux -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/curl-7.19.6-x86_64-1.txz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 Linux 12.0 package:
53f5ff0b3036bf00e6e2f18c71349d93 curl-7.16.2-x86_64-3.tgz
Bluewhite64 Linux 12.1 package:
b96a62284ee7c93561b022b1b524f98c curl-7.16.2-x86_64-3.tgz
Bluewhite64 Linux 12.2 package:
ebb534696a04b43ce59d04658f95f711 curl-7.19.6-x86_64-1.tgz
Bluewhite64 Linux -current package:
f5f13b7be579c710efdeb6354a5d58b2 curl-7.19.6-x86_64-1.txz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg curl-7.19.6-x86_64-1.tgz
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list:
Send a blank email to
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkqJjsMACgkQpTOsxuDdlY4oTwCY6hKMQzEfFiyjn7RhZjcn0F3a
tgCdGyDDQHbE0XKRujFLXQ6VmN+PWtk=
=2kI0
-----END PGP SIGNATURE-----