Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2010-0273

Опубликовано: 05 апр. 2010
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2010-0273: curl security, bug fix and enhancement update (MODERATE)

[7.15.5-9]

[7.15.5-8]

  • mention lack of IPv6, FTPS and LDAP support while using a socks proxy (#473128)
  • avoid tight loop if an upload connection is broken (#479967)
  • add options --ftp-account and --ftp-alternative-to-user to program help (#517084)
  • fix crash when reusing connection after negotiate-auth (#517199)
  • support for CRL loading from a PEM file (#532069)

[7.15.5-7]

  • sync patch for CVE-2007-0037 with 5.3.Z Related: #485290

[7.15.5-6]

  • fix CVE-2009-2417 Resolves: #516258

[7.15.5-5]

  • forwardport one hunk from upstream curl-7.15.1 Related: #485290

[7.15.5-4]

  • fix hunk applied to wrong place due to nonzero patch fuzz Related: #485290

[7.15.5-3]

  • fix CVE-2007-0037 Resolves: #485290

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

curl

7.15.5-9.el5

curl-devel

7.15.5-9.el5

Oracle Linux x86_64

curl

7.15.5-9.el5

curl-devel

7.15.5-9.el5

Oracle Linux i386

curl

7.15.5-9.el5

curl-devel

7.15.5-9.el5

Связанные CVE

CVE-2010-0734

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2010-0734

ubuntu
около 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

redhat логотип

CVE-2010-0734

redhat
больше 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

nvd логотип

CVE-2010-0734

nvd
около 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.

debian логотип

CVE-2010-0734

debian
около 15 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...

github логотип

GHSA-65fc-r6mj-6v9j

github
около 3 лет назад

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.