U programskom paketu curl otkriven je sigurnosni propust kojeg udaljeni napadači mogu iskoristiti za stjecanje većih ovlasti i umetanje proizvoljnih podataka.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0888
2012-01-24 19:20:27
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 15
Version     : 7.21.3
Release     : 13.fc15
URL         : http://curl.haxx.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and
others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP.  curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

reject URLs containing bad data (CVE-2012-0036)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 24 2012 Kamil Dudka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-13
- reject URLs containing bad data (CVE-2012-0036)
* Mon Sep 19 2011 Kamil Dudka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-12
- curl-config now provides dummy --static-libs option (#733956)
- break busy loops in tests 502, 555, and 573
* Sun Aug 21 2011 Paul Howarth <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-11
- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
* Tue Aug 16 2011 Kamil Dudka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-10
- fix SIGSEGV of curl -O -J given more than one URL (#723075)
- introduce the --delegation option of curl (#730444)
- initialize NSS with no database if the selected database is broken (#728562)
* Wed Aug  3 2011 Kamil Dudka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-9
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
* Thu Jun 23 2011 Kamil Dudka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-8
- do not delegate GSSAPI credentials (CVE-2011-2192)
* Wed Jun  8 2011 Kamil Dudka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 7.21.3-7
- avoid an invalid timeout event on a reused handle (#679709)
- sync the NSS code with upstream f551aa5 (several bug fixes)
- sync the code of curl-multi with upstream f551aa5 (several bug fixes)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #773457 - CVE-2012-0036 curl: URL sanitization vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=773457
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update curl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce