OpenPKG Security Advisory
OpenPKG-SA-2006.012
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2006.012
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.012
Advisory Published: 2008-08-07 22:00 UTC
Issue Id (internal): OpenPKG-SI-20060628.02
Issue First Created: 2006-06-28
Issue Last Modified: 2006-12-07
Issue Revision: 09
Subject Name: curl
Subject Summary: Batch Client for HTTP, HTTPS, FTP, LDAP and DICT protocol
Subject Home: http://curl.haxx.se/
Subject Versions: * <= 7.15.2
Vulnerability Id: CVE-2006-1061
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: denial of service
Description:
According to a vendor security advisory [0], a buffer overflow exists
in cURL [1], a command-line tool for fetching content via URLs.
References:
[0] http://curl.haxx.se/docs/adv_20060320.html
[1] http://curl.haxx.se/
Primary Package Name: curl
Primary Package Home: http://openpkg.org/go/package/curl
Affected Distribution:   Affected Branch:   Affected Package:
OpenPKG Community        2.5-SOLID          curl-7.15.0-2.5.1
OpenPKG Community        2-STABLE           n/a
OpenPKG Community        CURRENT            curl-7.15.2-20060227
Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Community        2.5-SOLID          curl-7.15.0-2.5.2
OpenPKG Community        2-STABLE           n/a
OpenPKG Community        CURRENT            curl-7.15.3-20060320