curl-7.19.7-37.AXS4.3
エラータID: AXSA:2014-397:01
cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP upload, HTTP post, and file transfer resume.
Security issues fixed with this release:
• CVE-2014-0015
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
• CVE-2014-0138
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Update packages.
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
N/A
SRPMS
- curl-7.19.7-37.AXS4.3.src.rpm
MD5: f7c8f583fe86d2f535b7b6541c599c2e
SHA-256: ace951c6a83890bd006eb7117fe8b87e14db2fd75d9dbdb310adca13b2432bb3
Size: 2.01 MB
Asianux Server 4 for x86
- curl-7.19.7-37.AXS4.3.i686.rpm
MD5: 9f65acc6d87169efa03c567dc14728ec
SHA-256: 842b3bedaa4b60194c27efb04084b126287ed0f3c613fb1d4823fdd57361ee7e
Size: 193.40 kB - libcurl-7.19.7-37.AXS4.3.i686.rpm
MD5: d3c59a0603761ad316cd7225381bd4c8
SHA-256: 50d7d500631cd3b410675b5515920a61454800708519eae11176eab85c215b97
Size: 171.65 kB - libcurl-devel-7.19.7-37.AXS4.3.i686.rpm
MD5: 29c3b2ed02cfad997d0811e5f4201dd8
SHA-256: 41657d048893905312cd883d19508f58205128fffc21ee86a8fc7e7b708c870d
Size: 243.96 kB
Asianux Server 4 for x86_64
- curl-7.19.7-37.AXS4.3.x86_64.rpm
MD5: 8c5c6d1f23831d066e88cb885e4c68e4
SHA-256: f0679a415169f669075dbd9d6be48d874d8f4aeb46dc83be6980ed46a358b5c5
Size: 193.07 kB - libcurl-7.19.7-37.AXS4.3.x86_64.rpm
MD5: 592cbf495f3c656c8d21df0f35a22d6d
SHA-256: 9f36e23be53fa24cd0037c25d1c9f2013cdac33e63c284d5c8c65a0637b7fcc2
Size: 164.71 kB - libcurl-devel-7.19.7-37.AXS4.3.x86_64.rpm
MD5: 99a6157ac7c794a1f7d07a7fc76b95f4
SHA-256: 3d2be704b12f9d2783852c73d60883280dd68743163eec563298d37cecb72334
Size: 243.53 kB - libcurl-7.19.7-37.AXS4.3.i686.rpm
MD5: d3c59a0603761ad316cd7225381bd4c8
SHA-256: 50d7d500631cd3b410675b5515920a61454800708519eae11176eab85c215b97
Size: 171.65 kB - libcurl-devel-7.19.7-37.AXS4.3.i686.rpm
MD5: 29c3b2ed02cfad997d0811e5f4201dd8
SHA-256: 41657d048893905312cd883d19508f58205128fffc21ee86a8fc7e7b708c870d
Size: 243.96 kB