Advisories » MGASA-2013-0188

Updated curl packages fix CVE-2013-2174

Publication date: 26 Jun 2013
Modification date: 26 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2174

Description

libcurl is vulnerable to a case of bad checking of the input data which may
lead to heap corruption. The function curl_easy_unescape() decodes URL encoded
strings to raw binary data. URL encoded octets are represented with %HH
combinations where HH is a two-digit hexadecimal number. The decoded string is
written to an allocated memory area that the function returns to the caller
(CVE-2013-2174)
                

References

• http://curl.haxx.se/docs/adv_20130622.html
• https://bugs.mageia.org/show_bug.cgi?id=10595
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174

SRPMS

2/core

• curl-7.24.0-1.2.mga2

3/core

• curl-7.28.1-6.1.mga3