[SECURITY] Fedora Core 5 Update: curl-7.15.1-3

Ivana Varekova varekova at redhat.com
Tue Mar 21 16:35:37 UTC 2006

Fedora Update Notification

Product     : Fedora Core 5
Name        : curl
Version     : 7.15.1                      
Release     : 3                  
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others).
Description :
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity. cURL
offers many useful capabilities, like proxy support, user
authentication, FTP upload, HTTP post, and file transfer resume.

Update Information:

This curl update fixes security vulnerability CVE-2006-1061 - 
curl can overflow a heap-based memory buffer if very long
TFTP URL with valid host name is passed to curl.
This update fixes instalation problems on multilib
architectures, too.
* Mon Mar 20 2006 Ivana Varekova <vareokva at redhat.com> - 7.15.1-3
- fix multilib problem using pkg-config 
- fix cve-2006-1061 problem - cURL tftp buffer overflow
* Thu Feb 23 2006 Ivana Varekova <varekova at redhat.com> - 7.15.1-2
- fix multilib problem - #181290 - 
  curl-devel.i386 not installable together with curl-devel.x86-64

This update can be downloaded from:

22d285846edc9415777275be1a4040a182abb1b4  SRPMS/curl-7.15.1-3.src.rpm
89b873c628d9f9c3cf0e031571dba23a02ca47e1  ppc/curl-7.15.1-3.ppc.rpm
d9a98e61bddf2a976bcd0bbca3f567dd2f971b0b  ppc/curl-devel-7.15.1-3.ppc.rpm
64fd2d8247ddcea9ead35a579eacb76825a95f0e  ppc/debug/curl-debuginfo-7.15.1-3.ppc.rpm
b0f239c8622507a072776d2764be959445827487  x86_64/curl-7.15.1-3.x86_64.rpm
8240e70642da75927e081787266ce1c0dfb64fa6  x86_64/curl-devel-7.15.1-3.x86_64.rpm
b5bdf46987d7d1169b3034d2395f3129c3ab1300  x86_64/debug/curl-debuginfo-7.15.1-3.x86_64.rpm
d776e7f0b98d697ec747819d68f4fb5a97fb595c  i386/curl-7.15.1-3.i386.rpm
aafda2d4f423cf2821fb3361aadb59b8c80d63dd  i386/curl-devel-7.15.1-3.i386.rpm
d4a454a27855497b2e01a19486dd045f1a7009da  i386/debug/curl-debuginfo-7.15.1-3.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the fedora-announce-list mailing list