Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30021
HistoryNov 26, 2013 - 12:00 a.m.

[ MDVSA-2013:276 ] curl

2013-11-2600:00:00
vulners.com
34
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2013:276
http://www.mandriva.com/en/support/security/

Package : curl
Date : November 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

Updated curl packages fix security vulnerability:

Scott Cantor discovered that curl, a file retrieval tool, would disable
the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER
setting was disabled. This would also disable ssl certificate host
name checks when it should have only disabled verification of the
certificate trust chain (CVE-2013-4545).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
http://advisories.mageia.org/MGASA-2013-0338.html

Updated Packages:

Mandriva Enterprise Server 5:
8f84022018a0be9caba70cc8cf6b98d1 mes5/i586/curl-7.19.0-2.8mdvmes5.2.i586.rpm
e86ae32c140ab086117a626b1dc4247c mes5/i586/curl-examples-7.19.0-2.8mdvmes5.2.i586.rpm
af24903c9f5de553fb3608bd58218f24 mes5/i586/libcurl4-7.19.0-2.8mdvmes5.2.i586.rpm
bf050fb57bfcdf91bb8b60f3b0c0e25f mes5/i586/libcurl-devel-7.19.0-2.8mdvmes5.2.i586.rpm
dfb61d68c4c646ab7bd0a9d3a1c39469 mes5/SRPMS/curl-7.19.0-2.8mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
4ccbd52d83d96e492d15463f39e4592e mes5/x86_64/curl-7.19.0-2.8mdvmes5.2.x86_64.rpm
9c4dd21c21347ef24faa736eec23f8d1 mes5/x86_64/curl-examples-7.19.0-2.8mdvmes5.2.x86_64.rpm
1ec84b9e08af585ec52115c780f8f7ad mes5/x86_64/lib64curl4-7.19.0-2.8mdvmes5.2.x86_64.rpm
d9ca888f8a41efdbed7413c08b0a3c6c mes5/x86_64/lib64curl-devel-7.19.0-2.8mdvmes5.2.x86_64.rpm
dfb61d68c4c646ab7bd0a9d3a1c39469 mes5/SRPMS/curl-7.19.0-2.8mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
1c6d38ad16cfbbd7c08ac4db92c3c322 mbs1/x86_64/curl-7.24.0-2.3.mbs1.x86_64.rpm
47944d2322c89eb7e167ff2cfaaa0c21 mbs1/x86_64/curl-examples-7.24.0-2.3.mbs1.x86_64.rpm
6b2c3b949347f726bb1a68700d3de178 mbs1/x86_64/lib64curl4-7.24.0-2.3.mbs1.x86_64.rpm
1b2449e78f76b8af262fa990317cc6f4 mbs1/x86_64/lib64curl-devel-7.24.0-2.3.mbs1.x86_64.rpm
5158e7b7a60bad696d90178ec462c6a0 mbs1/SRPMS/curl-7.24.0-2.3.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSjdjzmqjQ0CJFipgRAixLAJ41ILVt778Lt5wIF9Jwom7KBcuW5gCffIDn
M5ZuM4EwtuqxlZfXqbsmaJI=
=iHkm
-----END PGP SIGNATURE-----

Related

openvas 13
nessus 13
fedora 5
cve 1
mageia 1
debian 4
ubuntu 1
f5 2
prion 1
debiancve 1
ubuntucve 2
securityvulns 5
ibm 3
kaspersky 1
hackerone 1
rosalinux 1
oracle 3
openvas
openvas
Fedora Update for mingw-curl FEDORA-2013-21887
2013-12-03 00:00:00
Fedora Update for mingw-curl FEDORA-2013-22046
2014-02-05 00:00:00
Debian Security Advisory DSA 2798-1 (curl - unchecked ssl certificate host name)
2013-11-17 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : curl (MDVSA-2013:276)
2013-11-22 00:00:00
Fedora 19 : mingw-curl-7.33.0-1.fc19 (2013-21887)
2013-12-02 00:00:00
SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8617 / 8621)
2014-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-curl-7.33.0-1.fc20
2013-12-14 03:07:35
[SECURITY] Fedora 19 Update: mingw-curl-7.33.0-1.fc19
2013-12-02 09:35:24
[SECURITY] Fedora 20 Update: mingw-curl-7.37.0-1.fc20
2014-06-10 02:52:24
cve
cve
CVE-2013-4545
2013-11-23 11:55:00
mageia
mageia
Updated curl packages fix CVE-2013-4545
2013-11-21 00:56:39
debian
debian
[SECURITY] [DSA 2798-1] curl security update
2013-11-17 18:32:28
[SECURITY] [DSA 2798-2] curl security update
2013-11-20 22:16:54
[SECURITY] [DSA 2798-2] curl security update
2013-11-20 22:16:54
ubuntu
ubuntu
curl vulnerability
2013-12-05 00:00:00
f5
f5
K15150 : cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
SOL15150 - cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
prion
prion
Design/Logic Flaw
2013-11-23 11:55:00
debiancve
debiancve
CVE-2013-4545
2013-11-23 11:55:00
ubuntucve
ubuntucve
CVE-2013-4545
2013-11-23 00:00:00
CVE-2013-6422
2013-12-17 00:00:00
securityvulns
securityvulns
cURL certificates spoofing
2013-12-23 00:00:00
[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage &#40;SMH&#41; on Linux and Windows, Multiple Vulnerabilities
2014-10-05 00:00:00
HP System Management Homepage multiple security vulnerabilities
2014-10-15 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in curl affect IBM Flex System Manager (FSM): (CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-013)
2019-01-31 01:30:01
Security Bulletin: Vulnerabilities in curl affect IBM Chassis Management Module (CMM) (CVE-2013-4545, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-2174)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities affect IBM's Advanced Management Module (AMM)
2023-04-14 14:32:25
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30021
openvas13nessus13fedora5cve1mageia1debian4ubuntu1f52prion1debiancve1ubuntucve2securityvulns5ibm3kaspersky1hackerone1rosalinux1oracle3