- Home
- CVEs with nessus.description==Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code.
Note: This issue only affected applications using libcurl that rely on the documented data size limit, and that copy the data to the insufficiently sized buffer. (CVE-2010-0734)
This update also fixes the following bugs :
- when using curl to upload a file, if the connection was broken or reset by the server during the transfer, curl immediately started using 100% CPU and failed to acknowledge that the transfer had failed. With this update, curl displays an appropriate error message and exits when an upload fails mid-transfer due to a broken or reset connection. (BZ#479967)
- libcurl experienced a segmentation fault when attempting to reuse a connection after performing GSS-negotiate authentication, which in turn caused the curl program to crash. This update fixes this bug so that reused connections are able to be successfully established even after GSS-negotiate authentication has been performed.
(BZ#517199)
As well, this update adds the following enhancements :
- curl now supports loading Certificate Revocation Lists (CRLs) from a Privacy Enhanced Mail (PEM) file. When curl attempts to access sites that have had their certificate revoked in a CRL, curl refuses access to those sites. (BZ#532069)
- the curl(1) manual page has been updated to clarify that the '--socks4' and '--socks5' options do not work with the IPv6, FTPS, or LDAP protocols. (BZ#473128)
- the curl utility's program help, which is accessed by running 'curl -h', has been updated with descriptions for the '--ftp-account' and '--ftp-alternative-to-user' options. (BZ#517084)
All running applications using libcurl must be restarted for the update to take effect.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top