Mageia Bugzilla – Bug 10595
curl new security issue CVE-2013-2174
Last modified: 2014-05-08 18:06:08 CEST
Upstream has issued an advisory today (June 22):
Updated package uploaded for Cauldron (by Funda).
Patched packages uploaded for Mageia 2 and Mageia 3 (by me).
Updated curl packages fix security vulnerability:
libcurl is vulnerable to a case of bad checking of the input data which may
lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
strings to raw binary data. URL encoded octets are represented with %HH
combinations where HH is a two-digit hexadecimal number. The decoded string is
written to an allocated memory area that the function returns to the caller
Updated packages in core/updates_testing:
Steps to Reproduce:
Tested that curl still works as expected on mga3 i586, following Claire's procedure from https://bugs.mageia.org/show_bug.cgi?id=4307#c11 (should we add it to the QA testing procedures on the wiki?)
If it's not enough, please remove MGA3-OK-32 from the whiteboard.
Tested that urpmi --curl stills works as intended, too.
Testing complete from mga2 i586 (VM).
Followed same test as Comment 1 all ran as expected
Testing complete mga2 64
Validating. Advisory uploaded.
Could sysadmin please push from 2 & 3 core/updates_testing to core/updates
FYI. There is a PoC for this:
wget "https://bugzilla.redhat.com/attachment.cgi?id=761296" -O
gcc -o CVE-2013-2174-poc CVE-2013-2174-poc.c -lcurl
(tested, all ok)