Upstream has issued an advisory today (June 22): http://curl.haxx.se/docs/adv_20130622.html Updated package uploaded for Cauldron (by Funda). Patched packages uploaded for Mageia 2 and Mageia 3 (by me). Advisory: ======================== Updated curl packages fix security vulnerability: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller (CVE-2013-2174) References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174 http://curl.haxx.se/docs/adv_20130622.html ======================== Updated packages in core/updates_testing: ======================== curl-7.24.0-1.2.mga2 libcurl4-7.24.0-1.2.mga2 libcurl-devel-7.24.0-1.2.mga2 curl-examples-7.24.0-1.2.mga2 curl-7.28.1-6.1.mga3 libcurl4-7.28.1-6.1.mga3 libcurl-devel-7.28.1-6.1.mga3 curl-examples-7.28.1-6.1.mga3 from SRPMS: curl-7.24.0-1.2.mga2.src.rpm curl-7.28.1-6.1.mga3.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA2TOO
Tested that curl still works as expected on mga3 i586, following Claire's procedure from https://bugs.mageia.org/show_bug.cgi?id=4307#c11 (should we add it to the QA testing procedures on the wiki?) If it's not enough, please remove MGA3-OK-32 from the whiteboard.
CC: (none) => remiWhiteboard: MGA2TOO => MGA2TOO MGA3-32-OK
Tested that urpmi --curl stills works as intended, too.
Testing complete from mga2 i586 (VM).
Whiteboard: MGA2TOO MGA3-32-OK => MGA2TOO MGA2-32-OK MGA3-32-OK
MGA3 64 Followed same test as Comment 1 all ran as expected
CC: (none) => martynvidlerWhiteboard: MGA2TOO MGA2-32-OK MGA3-32-OK => MGA2TOO MGA2-32-OK MGA3-32-OK MGA3-64-ok
URL: (none) => http://lwn.net/Vulnerabilities/556156/
Whiteboard: MGA2TOO MGA2-32-OK MGA3-32-OK MGA3-64-ok => MGA2TOO has_procedure MGA2-32-OK MGA3-32-OK MGA3-64-ok
Testing complete mga2 64
Whiteboard: MGA2TOO has_procedure MGA2-32-OK MGA3-32-OK MGA3-64-ok => MGA2TOO has_procedure MGA2-32-OK MGA3-32-OK MGA3-64-ok MGA2-64-OK
Validating. Advisory uploaded. Could sysadmin please push from 2 & 3 core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0188.html
Status: NEW => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
FYI. There is a PoC for this: wget "https://bugzilla.redhat.com/attachment.cgi?id=761296" -O CVE-2013-2174-poc.c gcc -o CVE-2013-2174-poc CVE-2013-2174-poc.c -lcurl ./CVE-2013-2174-poc (tested, all ok)
CC: (none) => oe
CC: boklm => (none)