Mandriva Linux Security Advisory 2013-151
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targeted attacks since registering domains using a known domain's name as an ending is trivial.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1944
SHA-256 | 5c69303402e466b01eae0fbd8cd93ede86dc773f79280ad90e909cf75515c6af

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:151
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : curl
Date : April 26, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Updated curl packages fix security vulnerability:

libcurl is vulnerable to a cookie leak vulnerability when doing
requests across domains with matching tails. This vulnerability can be
used to hijack sessions in targeted attacks since registering domains
using a known domain's name as an ending is trivial (CVE-2013-1944).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
f0521b89d652d1c45bfeff5f9aea5af7 mes5/i586/curl-7.19.0-2.6mdvmes5.2.i586.rpm
daf9daaf4e61d1febab693f970fa52a8 mes5/i586/curl-examples-7.19.0-2.6mdvmes5.2.i586.rpm
077a55e5c750e32b8859174778c779db mes5/i586/libcurl4-7.19.0-2.6mdvmes5.2.i586.rpm
1c893a591659bb28d4fdf8278ce615af mes5/i586/libcurl-devel-7.19.0-2.6mdvmes5.2.i586.rpm
d5b1ced5df5a5c8fc98db99abd8bbc0b mes5/SRPMS/curl-7.19.0-2.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
cedf0d881fdb2c36a1884bc5fe0efb63 mes5/x86_64/curl-7.19.0-2.6mdvmes5.2.x86_64.rpm
21a7b7ade9a334525bbe0725ba9bfa14 mes5/x86_64/curl-examples-7.19.0-2.6mdvmes5.2.x86_64.rpm
09ef67ca7acd8b5e86ffd53dd9944b92 mes5/x86_64/lib64curl4-7.19.0-2.6mdvmes5.2.x86_64.rpm
6470a7442aa71657fa22b137c2870e73 mes5/x86_64/lib64curl-devel-7.19.0-2.6mdvmes5.2.x86_64.rpm
d5b1ced5df5a5c8fc98db99abd8bbc0b mes5/SRPMS/curl-7.19.0-2.6mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
539dc5e1ada6bac459d752af6edb47b3 mbs1/x86_64/curl-7.24.0-2.1.mbs1.x86_64.rpm
d009466416305b1b6c2a1306601df21c mbs1/x86_64/curl-examples-7.24.0-2.1.mbs1.x86_64.rpm
e5144a110a6097bcd6b33e34f5158d73 mbs1/x86_64/lib64curl4-7.24.0-2.1.mbs1.x86_64.rpm
971ceabe6e9df96a446f582d17680c97 mbs1/x86_64/lib64curl-devel-7.24.0-2.1.mbs1.x86_64.rpm
32a96e2c01d201c50372c18e1fd6204a mbs1/SRPMS/curl-7.24.0-2.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFReh9XmqjQ0CJFipgRAt7JAKDvXle3q/mbz//KGUkbHHK4r/OzngCePZZm
TLRyRSJBiJSzfOKmTVLufgc=
=arVW
-----END PGP SIGNATURE-----
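
Added example, not part of the Mandriva advisory and not curl's source code: the "matching tails" flaw from the Problem Description, shown as a naive suffix comparison beside a label-aware check. The function names and the `.test` hostnames are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality of two NUL-terminated strings. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++; b++;
    }
    return *a == *b;
}

/* Flawed: accepts any host whose name merely ends with the cookie domain. */
static int tail_match_naive(const char *cookie_domain, const char *host)
{
    size_t dlen = strlen(cookie_domain), hlen = strlen(host);
    if (hlen < dlen)
        return 0;
    return ieq(cookie_domain, host + (hlen - dlen));
}

/* Label-aware: exact match, or the suffix must begin right after a '.'.
 * IP-literal hosts are out of scope for this sketch. */
static int domain_match_strict(const char *cookie_domain, const char *host)
{
    size_t dlen, hlen;
    if (*cookie_domain == '.')          /* ignore a leading dot */
        cookie_domain++;
    dlen = strlen(cookie_domain);
    hlen = strlen(host);
    if (dlen == 0 || hlen < dlen || !ieq(cookie_domain, host + (hlen - dlen)))
        return 0;
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed hosts: a real subdomain and an unrelated look-alike name. */
    const char *hosts[] = { "www.example.test", "fakeexample.test" };
    for (size_t i = 0; i < 2; i++)
        printf("%-18s naive=%d strict=%d\n", hosts[i],
               tail_match_naive("example.test", hosts[i]),
               domain_match_strict("example.test", hosts[i]));
    return 0;
}
```

A cookie jar using the naive check would send cookies set for `example.test` to the unrelated host `fakeexample.test`; the strict check only sends them to the domain itself and its subdomains.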

