curl-7.19.7-37.AXS4.3

エラータID: AXSA:2014-397:01

Release date: 
Saturday, June 14, 2014 - 21:16
Subject: 
curl-7.19.7-37.AXS4.3
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP upload, HTTP post, and file transfer resume.

Security issues fixed with this release:

• CVE-2014-0015
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

• CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

Solution: 

Update packages.

CVEs: 
CVE-2014-0015
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.19.7-37.AXS4.3.src.rpm
    MD5: f7c8f583fe86d2f535b7b6541c599c2e
    SHA-256: ace951c6a83890bd006eb7117fe8b87e14db2fd75d9dbdb310adca13b2432bb3
    Size: 2.01 MB

Asianux Server 4 for x86
  1. curl-7.19.7-37.AXS4.3.i686.rpm
    MD5: 9f65acc6d87169efa03c567dc14728ec
    SHA-256: 842b3bedaa4b60194c27efb04084b126287ed0f3c613fb1d4823fdd57361ee7e
    Size: 193.40 kB
  2. libcurl-7.19.7-37.AXS4.3.i686.rpm
    MD5: d3c59a0603761ad316cd7225381bd4c8
    SHA-256: 50d7d500631cd3b410675b5515920a61454800708519eae11176eab85c215b97
    Size: 171.65 kB
  3. libcurl-devel-7.19.7-37.AXS4.3.i686.rpm
    MD5: 29c3b2ed02cfad997d0811e5f4201dd8
    SHA-256: 41657d048893905312cd883d19508f58205128fffc21ee86a8fc7e7b708c870d
    Size: 243.96 kB

Asianux Server 4 for x86_64
  1. curl-7.19.7-37.AXS4.3.x86_64.rpm
    MD5: 8c5c6d1f23831d066e88cb885e4c68e4
    SHA-256: f0679a415169f669075dbd9d6be48d874d8f4aeb46dc83be6980ed46a358b5c5
    Size: 193.07 kB
  2. libcurl-7.19.7-37.AXS4.3.x86_64.rpm
    MD5: 592cbf495f3c656c8d21df0f35a22d6d
    SHA-256: 9f36e23be53fa24cd0037c25d1c9f2013cdac33e63c284d5c8c65a0637b7fcc2
    Size: 164.71 kB
  3. libcurl-devel-7.19.7-37.AXS4.3.x86_64.rpm
    MD5: 99a6157ac7c794a1f7d07a7fc76b95f4
    SHA-256: 3d2be704b12f9d2783852c73d60883280dd68743163eec563298d37cecb72334
    Size: 243.53 kB
  4. libcurl-7.19.7-37.AXS4.3.i686.rpm
    MD5: d3c59a0603761ad316cd7225381bd4c8
    SHA-256: 50d7d500631cd3b410675b5515920a61454800708519eae11176eab85c215b97
    Size: 171.65 kB
  5. libcurl-devel-7.19.7-37.AXS4.3.i686.rpm
    MD5: 29c3b2ed02cfad997d0811e5f4201dd8
    SHA-256: 41657d048893905312cd883d19508f58205128fffc21ee86a8fc7e7b708c870d
    Size: 243.96 kB