Scientific Linux Security Update : curl on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Wesley Miaw discovered that when deflate compression was used, libcurl
could call the registered write callback function with data exceeding
the documented limit. A malicious server could use this flaw to crash
an application using libcurl or, potentially, execute arbitrary code.
Note: This issue only affected applications using libcurl that rely on
the documented data size limit, and that copy the data to the
insufficiently sized buffer. (CVE-2010-0734)

This update also fixes the following bugs :

- when using curl to upload a file, if the connection was
broken or reset by the server during the transfer, curl
immediately started using 100% CPU and failed to
acknowledge that the transfer had failed. With this
update, curl displays an appropriate error message and
exits when an upload fails mid-transfer due to a broken
or reset connection. (BZ#479967)

- libcurl experienced a segmentation fault when attempting
to reuse a connection after performing GSS-negotiate
authentication, which in turn caused the curl program to
crash. This update fixes this bug so that reused
connections are able to be successfully established even
after GSS-negotiate authentication has been performed.
(BZ#517199)

As well, this update adds the following enhancements :

- curl now supports loading Certificate Revocation Lists
(CRLs) from a Privacy Enhanced Mail (PEM) file. When
curl attempts to access sites that have had their
certificate revoked in a CRL, curl refuses access to
those sites. (BZ#532069)

- the curl(1) manual page has been updated to clarify that
the '--socks4' and '--socks5' options do not work with
the IPv6, FTPS, or LDAP protocols. (BZ#473128)

- the curl utility's program help, which is accessed by
running 'curl -h', has been updated with descriptions
for the '--ftp-account' and '--ftp-alternative-to-user'
options. (BZ#517084)

All running applications using libcurl must be restarted for the
update to take effect.

See also :

http://www.nessus.org/u?82cea57d
https://bugzilla.redhat.com/show_bug.cgi?id=473128
https://bugzilla.redhat.com/show_bug.cgi?id=479967
https://bugzilla.redhat.com/show_bug.cgi?id=517084
https://bugzilla.redhat.com/show_bug.cgi?id=517199
https://bugzilla.redhat.com/show_bug.cgi?id=532069

Solution :

Update the affected curl and / or curl-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60765 ()

Bugtraq ID:

CVE ID: CVE-2010-0734