Libcurl Vulnerability Found (And Fixed)

Started by deadly7, December 12, 2005, 10:13:50 PM

deadly7

Package        : curl
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-4077 CVE-2005-3185
BugTraq ID     : 15756 15102 15647
Debian Bug     : 342339 342696

Several problems were discovered in libcurl, a multi-protocol file
transfer library.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2005-3185

   A buffer overflow has been discovered in libcurl
   that could allow the execution of arbitrary code.

CVE-2005-4077

   Stefan Esser discovered several off-by-one errors that allow
   local users to trigger a buffer overflow and cause a denial of
   service or bypass PHP security restrictions via certain URLs.

For the old stable distribution (woody) these problems have been fixed in
version 7.9.5-1woody1.

For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge4.  This update also includes a bugfix against
data corruption.

For the unstable distribution (sid) these problems have been fixed in
version 7.15.1-1.

We recommend that you upgrade your libcurl packages.

Hats off to the LibCurl programmers.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
[17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

iago

Isn't this old?  Or is there a new one?  I remember lynx and curl had a couple (really stupid) vulnerabilities a couple months ago.  It's possible that it's taken Debian this long to patch it, though, I often see them re-post really old vulnerabilities when they update their distro :)

deadly7

I wouldn't know if it was old, I just recently subscribed to bugtraq..

iago

Yeah, I checked out CVE-2005-3185. 

It's from October 12/05. 

Debian is just slow.  Stupid Debian, Slackware for life :)

deadly7

iago

Or was it December 10... it's 20051012, take that how you want :)