Mandriva Linux Security Advisory : curl (MDVSA-2013:180)
Medium Nessus Plugin ID 67010
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in curl :
libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller (CVE-2013-2174).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.