Advisories ยป MGASA-2013-0338

Updated curl packages fix CVE-2013-4545

Publication date: 20 Nov 2013
Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4545

Description

Updated curl packages fix security vulnerability:

Scott Cantor discovered that curl, a file retrieval tool, would disable the
CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was
disabled. This would also disable ssl certificate host name checks when it
should have only disabled verification of the certificate trust chain
(CVE-2013-4545).
                

References

SRPMS

2/core

3/core