The upstream developer of curl, a multi-protocol file transfer
library, informed us that the former correction to several off-by-one
errors is not sufficient. For completeness, please find the original
bug description below:
>
> Several problems were discovered in libcurl, a multi-protocol file
> transfer library. The Common Vulnerabilities and Exposures project
> identifies the following problems:
>
> * CVE-2005-3185
>   A buffer overflow has been discovered in libcurl
>   that could allow the execution of arbitrary code.
> * CVE-2005-4077
>   Stefan Esser discovered several off-by-one errors that allow
>   local users to trigger a buffer overflow and cause a denial of
>   service or bypass PHP security restrictions via certain URLs.
>

For the old stable distribution (woody) these problems have been fixed in
version 7.9.5-1woody2.

For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge5. This update also includes a bugfix against
data corruption.

For the unstable distribution (sid) these problems have been fixed in
version 7.15.1-1.

We recommend that you upgrade your libcurl packages.

CPE

Name | Operator | Version
---|---|---
curl | eq | 7.13.2-2sarge2
curl | eq | 7.13.2-2
curl | eq | 7.13.2-2sarge3
curl | eq | 7.13.2-2sarge4
curl | eq | 7.13.2-2sarge1