Posted: Sun Jun 22, 2014 2:26 pm Post subject: [ GLSA 201406-21 ] cURL: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: cURL: Multiple vulnerabilities (GLSA 201406-21)
Severity: normal
Exploitable: local, remote
Date: June 22, 2014
Bug(s): #505864
ID: 201406-21
Synopsis
Multiple vulnerabilities have been discovered in cURL, the worst of
which could lead to man-in-the-middle attacks.
Background
cURL is a command line tool for transferring files with URL syntax,
supporting numerous protocols.
Affected Packages
Package: net-misc/curl
Vulnerable: < 7.36.0
Unaffected: >= 7.36.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in cURL. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker could cause a man-in-the-middle attack via a crafted
certificate issued by a legitimate certification authority. Furthermore,
a context-dependent attacker may be able to bypass security restrictions
by connecting as other users.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.36.0"
References
CVE-2014-0138
CVE-2014-0139