Oval Definition:oval:com.redhat.rhsa:def:20050807
Revision Date:2005-11-02
Version:501
Title:RHSA-2005:807: curl security update (Moderate)
Description:cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols.

A stack-based buffer overflow bug was found in cURL's NTLM authentication module. It is possible to execute arbitrary code on a user's machine if the user can be tricked into connecting to a malicious web server using NTLM authentication. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3185 to this issue.

All users of curl are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.
Family:unix
Class:patch
Status:
Reference(s):CVE-2005-3185
RHSA-2005:807-00
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • curl is earlier than 0:7.10.6-7.rhel3
  • AND curl is signed with Red Hat master key
  • curl-devel is earlier than 0:7.10.6-7.rhel3
  • AND curl-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • curl is earlier than 0:7.12.1-6.rhel4
  • AND curl is signed with Red Hat master key
  • curl-devel is earlier than 0:7.12.1-6.rhel4
  • AND curl-devel is signed with Red Hat master key