[SECURITY] [DSA 2398-2] curl regression



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2398-2 security@xxxxxxxxxx
http://www.debian.org/security/ Florian Weimer
March 31, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
Vulnerability : regression
Debian-specific: no
Debian Bug : 658276

cURL is a command-line tool and library for transferring data with URL
syntax. It was discovered that the countermeasures against the
Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,
"BEAST") cause interoperability issues with some server
implementations. This update adds the CURLOPT_SSL_OPTIONS and
CURLSSLOPT_ALLOW_BEAST options to the library, and the
--ssl-allow-beast option to the "curl" program.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze2.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----
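
The --ssl-allow-beast option named in the advisory switches off the BEAST countermeasure, so one way to use it is to pass it only for the servers that fail without it. The wrapper below is an added example, not part of the advisory or of curl; the host names, the BEAST_EXCEPTIONS list and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Host names are constructed; the list is an assumption.
# Servers known to break while the BEAST countermeasure is active.
BEAST_EXCEPTIONS="legacy-api.example.internal old-gw.example.internal"

# url_host URL -> prints the lower-cased host of an https URL, else fails.
url_host() {
    case "$1" in
        https://*) rest=${1#https://} ;;
        *) return 1 ;;            # only TLS URLs are relevant here
    esac
    rest=${rest%%/*}              # cut path, query and fragment so that
    rest=${rest%%\?*}             # only the authority part is left
    rest=${rest%%\#*}
    rest=${rest##*@}              # drop userinfo ("user:pw@")
    case "$rest" in
        \[*) return 1 ;;          # IPv6 literals are never excepted
    esac
    rest=${rest%%:*}              # drop the port
    [ -n "$rest" ] || return 1
    printf '%s\n' "$rest" | tr '[:upper:]' '[:lower:]'
}

# beast_opt URL -> prints "--ssl-allow-beast" only for an exact host match.
beast_opt() {
    host=$(url_host "$1") || return 0
    for h in $BEAST_EXCEPTIONS; do
        if [ "$host" = "$h" ]; then
            printf '%s\n' "--ssl-allow-beast"
            return 0
        fi
    done
    return 0
}

# fetch URL [curl args...] -> the countermeasure stays on unless excepted.
fetch() {
    url=$1; shift
    # Unquoted on purpose: the substitution yields zero words or one.
    curl --fail --silent --show-error $(beast_opt "$url") "$@" --url "$url"
}
```

Matching on the parsed host rather than on a substring of the URL keeps a URL such as https://legacy-api.example.internal@other.example/ from picking up the exception.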


