Advisories » MGASA-2013-0338

Updated curl packages fix CVE-2013-4545

Publication date: 20 Nov 2013
Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4545

Description

Updated curl packages fix security vulnerability:

Scott Cantor discovered that curl, a file retrieval tool, would disable the
CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was
disabled. This would also disable ssl certificate host name checks when it
should have only disabled verification of the certificate trust chain
(CVE-2013-4545).
                

References

• http://curl.haxx.se/docs/adv_20131115.html
• http://www.debian.org/security/2013/dsa-2798
• https://bugs.mageia.org/show_bug.cgi?id=11703
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545

SRPMS

3/core

• curl-7.28.1-6.2.mga3

2/core

• curl-7.24.0-1.3.mga2