thr3ads.net - Secure testing team - [Secure-testing-team] Bug#518423: [CVE-2009-0037] libcurl Arbitrary File Access [Mar 2009]

If this information is useful, please help other people find it:
Share via:

Daniel Leidert

2009-Mar-05 23:55 UTC

[Secure-testing-team] Bug#518423: [CVE-2009-0037] libcurl Arbitrary File Access

Package: libcurl3
Version: 7.18.2-8
Severity: critical
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

See http://curl.haxx.se/docs/adv_20090303.html. Ubuntu already fixed it,
so there is a patch available.

Regards, Daniel


- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (850, ''unstable''), (550,
''stable''), (500, ''oldstable''), (110,
''experimental'')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libcurl3 depends on:
ii  ca-certificates       20081127           Common CA certificates
ii  libc6                 2.9-4              GNU C Library: Shared libraries
ii  libidn11              1.12-1             GNU Libidn library, implementation
ii  libkrb53              1.6.dfsg.4~beta1-9 Transitional library package/krb4 
ii  libldap-2.4-2         2.4.15-1           OpenLDAP libraries
ii  libssh2-1             1.0-1              SSH2 client-side library
ii  libssl0.9.8           0.9.8g-15          SSL shared libraries
ii  zlib1g                1:1.2.3.3.dfsg-13  compression library - runtime

libcurl3 recommends no packages.

libcurl3 suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmwZlEACgkQm0bx+wiPa4xz1ACeNEM3PVCMa2UXD5HzJ7kiuYJD
e7QAnR7nBm77AsE7H3La/YXUwe++PMti
=Gv74
-----END PGP SIGNATURE-----

Secure testing team - Mar 2009 - Bug#518423: [CVE-2009-0037] libcurl Arbitrary File Access

[Secure-testing-team] Bug#518423: [CVE-2009-0037] libcurl Arbitrary File Access