Mageia Bugzilla – Bug 9713
curl new security issue CVE-2013-1944
Last modified: 2013-04-18 00:31:00 CEST
Upstream has issued an advisory today (April 12):
The issue is fixed upstream in 7.30.0 and with a patch.
The patch is currently checked into Cauldron and Mageia 2 SVN.
Steps to Reproduce:
Patched packages uploaded for Mageia 2 and Cauldron.
Updated curl packages fix security vulnerability:
libcurl is vulnerable to a cookie leak vulnerability when doing requests across
domains with matching tails. This vulnerability can be used to hijack sessions
in targetted attacks since registering domains using a known domain's name as
an ending is trivial (CVE-2013-1944).
Updated packages in core/updates_testing:
Ubuntu has issued an advisory for this on April 15:
Re-diffed patch from Ubuntu added to Mageia 1 SVN.
Testing complete mga2 32
Curl also as a comprehensive testsuite which runs at build time.
Testing complete mga2 64
SRPM & advisory in comment 1
Could sysadmin please push from core/updates_testing to core/updates