Описание
ELSA-2013-0771: curl security update (MODERATE)
[7.19.7-36]
- fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
curl
7.15.5-16.el5_9
curl-devel
7.15.5-16.el5_9
Oracle Linux x86_64
curl
7.15.5-16.el5_9
curl-devel
7.15.5-16.el5_9
Oracle Linux i386
curl
7.15.5-16.el5_9
curl-devel
7.15.5-16.el5_9
Oracle Linux 6
Oracle Linux x86_64
curl
7.19.7-36.el6_4
libcurl
7.19.7-36.el6_4
libcurl-devel
7.19.7-36.el6_4
Oracle Linux i686
curl
7.19.7-36.el6_4
libcurl
7.19.7-36.el6_4
libcurl-devel
7.19.7-36.el6_4
Связанные CVE
Связанные уязвимости
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 d ...
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.