Date: Mon, 6 Nov 2000 16:09 -0500
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHBA-2000:092-03] Updated curl packages available.
Red Hat, Inc. Bug Fix Advisory
Synopsis: Updated curl packages available.
Advisory ID: RHBA-2000:092-03
Issue date: 2000-10-23
Updated on: 2000-11-06
Product: Red Hat Powertools
Keywords: N/A
Cross references: N/A
1. Topic:
Updated curl packages are available for Red Hat Power Tools 6.x
and 7.
2. Relevant releases/architectures:
Red Hat Powertools 6.1 – i386, alpha, sparc
Red Hat Powertools 6.2 – i386, alpha, sparc
Red Hat Powertools 7.0 – i386
3. Problem description: A bug in some versions of curl would
cause it to incorrectly parse error responses from FTP servers. A
malicious FTP server could use this bug to crash its client.
The packages listed in the previous errata (RHBA-2000:092-01)
should not be used since the “-c” option does not function
properly. Please use the packages listed in this updated errata
instead.
4. Solution:
For each RPM for your particular architecture, run: rpm -Fvh
[filename] where filename is the name of the RPM.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):
20337 – -c with FTP is broken in curl 7.3
6. RPMs required:
Red Hat Powertools 6.2:
alpha:
ftp://updates.redhat.com/powertools/6.2/alpha/curl-7.4.1-1.6.x.alpha.rpm
ftp://updates.redhat.com/powertools/6.2/alpha/curl-devel-7.4.1-1.6.x.alpha.rpm
ftp://updates.redhat.com/powertools/6.2/alpha/curl-7.4.1-1.6.x.alpha.rpm
ftp://updates.redhat.com/powertools/6.2/alpha/curl-devel-7.4.1-1.6.x.alpha.rpm
sparc:
ftp://updates.redhat.com/powertools/6.2/sparc/curl-7.4.1-1.6.x.sparc.rpm
ftp://updates.redhat.com/powertools/6.2/sparc/curl-devel-7.4.1-1.6.x.sparc.rpm
ftp://updates.redhat.com/powertools/6.2/sparc/curl-7.4.1-1.6.x.sparc.rpm
ftp://updates.redhat.com/powertools/6.2/sparc/curl-devel-7.4.1-1.6.x.sparc.rpm
i386:
ftp://updates.redhat.com/powertools/6.2/i386/curl-7.4.1-1.6.x.i386.rpm
ftp://updates.redhat.com/powertools/6.2/i386/curl-devel-7.4.1-1.6.x.i386.rpm
ftp://updates.redhat.com/powertools/6.2/i386/curl-7.4.1-1.6.x.i386.rpm
ftp://updates.redhat.com/powertools/6.2/i386/curl-devel-7.4.1-1.6.x.i386.rpm
sources:
ftp://updates.redhat.com/powertools/6.2/SRPMS/curl-7.4.1-1.6.x.src.rpm
ftp://updates.redhat.com/powertools/6.2/SRPMS/curl-7.4.1-1.6.x.src.rpm
Red Hat Powertools 7.0:
i386:
ftp://updates.redhat.com/powertools/7.0/i386/curl-7.4.1-1.i386.rpm
ftp://updates.redhat.com/powertools/7.0/i386/curl-devel-7.4.1-1.i386.rpm
sources:
ftp://updates.redhat.com/powertools/7.0/SRPMS/curl-7.4.1-1.src.rpm
7. Verification:
MD5 sum Package Name
c682b7c454ad3c3d7d6e56d2e7781e76 6.2/SRPMS/curl-7.4.1-1.6.x.src.rpm
ddab1e477ba009284e6128b2ad555961 6.2/alpha/curl-7.4.1-1.6.x.alpha.rpm
4b55c56f68784e575bf045b27ecaad05 6.2/alpha/curl-devel-7.4.1-1.6.x.alpha.rpm
bcf89966984970fcc958943842690452 6.2/i386/curl-7.4.1-1.6.x.i386.rpm
4d0c3756e007b81cfe397a4ff60b9419 6.2/i386/curl-devel-7.4.1-1.6.x.i386.rpm
80bdadc359aa9f76d5d4bddc257809bb 6.2/sparc/curl-7.4.1-1.6.x.sparc.rpm
67fc0b4c45caa6700184c41fb227e7e1 6.2/sparc/curl-devel-7.4.1-1.6.x.sparc.rpm
eea36738f71c6d6a73e94059b3a06fca 7.0/SRPMS/curl-7.4.1-1.src.rpm
2505ed67c1698078c131cda57e7dffd8 7.0/i386/curl-7.4.1-1.i386.rpm
83dccfb76b2701599cb428f93442b78c 7.0/i386/curl-devel-7.4.1-1.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm –checksig <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg <:filename>
8. References:
http://www.securityfocus.com/bid/1804
http://sourceforge.net/bugs/?func=detailbug=116688=976
Thanks to mschwendt@web.de for reporting bug #20337
Copyright(c) 2000 Red Hat, Inc.