[SECURITY] Fedora 15 Update: curl-7.21.3-13.fc15

updates at fedoraproject.org
Sat Feb 11 22:04:59 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0888
2012-01-24 19:20:27
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 15
Version     : 7.21.3
Release     : 13.fc15
URL         : http://curl.haxx.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP.  curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

reject URLs containing bad data (CVE-2012-0036)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 24 2012 Kamil Dudka <kdudka at redhat.com> 7.21.3-13
- reject URLs containing bad data (CVE-2012-0036)
* Mon Sep 19 2011 Kamil Dudka <kdudka at redhat.com> 7.21.3-12
- curl-config now provides dummy --static-libs option (#733956)
- break busy loops in tests 502, 555, and 573
* Sun Aug 21 2011 Paul Howarth <paul at city-fan.org> 7.21.3-11
- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
* Tue Aug 16 2011 Kamil Dudka <kdudka at redhat.com> 7.21.3-10
- fix SIGSEGV of curl -O -J given more than one URL (#723075)
- introduce the --delegation option of curl (#730444)
- initialize NSS with no database if the selected database is broken (#728562)
* Wed Aug  3 2011 Kamil Dudka <kdudka at redhat.com> 7.21.3-9
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
* Thu Jun 23 2011 Kamil Dudka <kdudka at redhat.com> 7.21.3-8
- do not delegate GSSAPI credentials (CVE-2011-2192)
* Wed Jun  8 2011 Kamil Dudka <kdudka at redhat.com> 7.21.3-7
- avoid an invalid timeout event on a reused handle (#679709)
- sync the NSS code with upstream f551aa5 (several bug fixes)
- sync the code of curl-multi with upstream f551aa5 (several bug fixes)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #773457 - CVE-2012-0036 curl: URL sanitization vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=773457
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update curl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

