Subject: [RHBA-2000:092-05] Updated curl packages available. From: bugzilla@redhat.com Date: Mon, 27 Nov 2000 18:35 -0500 To: redhat-watch-list@redhat.com --------------------------------------------------------------------- Red Hat, Inc. Bug Fix Advisory Synopsis: Updated curl packages available. Advisory ID: RHBA-2000:092-05 Issue date: 2000-10-23 Updated on: 2000-11-27 Product: Red Hat Powertools Keywords: N/A Cross references: N/A --------------------------------------------------------------------- 1. Topic: Updated curl packages are available for Red Hat Power Tools 6.x and 7. 2000-11-27: Added packages for Red Hat Power Tools 7 for Alpha 2. Relevant releases/architectures: Red Hat Powertools 6.1 - i386, alpha, sparc Red Hat Powertools 6.2 - i386, alpha, sparc Red Hat Powertools 7.0 - i386, alpha 3. Problem description: A bug in some versions of curl would cause it to incorrectly parse error responses from FTP servers. A malicious FTP server could use this bug to crash its client. The packages listed in the previous errata (RHBA-2000:092-01) should not be used since the "-c" option does not function properly. Please use the packages listed in this updated errata instead. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 20337 - -c with FTP is broken in curl 7.3 6. RPMs required: Red Hat Powertools 6.2: alpha: ftp://updates.redhat.com/powertools/6.2/alpha/curl-7.4.1-1.6.x.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/curl-devel-7.4.1-1.6.x.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/curl-7.4.1-1.6.x.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/curl-devel-7.4.1-1.6.x.alpha.rpm sparc: ftp://updates.redhat.com/powertools/6.2/sparc/curl-7.4.1-1.6.x.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/curl-devel-7.4.1-1.6.x.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/curl-7.4.1-1.6.x.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/curl-devel-7.4.1-1.6.x.sparc.rpm i386: ftp://updates.redhat.com/powertools/6.2/i386/curl-7.4.1-1.6.x.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/curl-devel-7.4.1-1.6.x.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/curl-7.4.1-1.6.x.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/curl-devel-7.4.1-1.6.x.i386.rpm sources: ftp://updates.redhat.com/powertools/6.2/SRPMS/curl-7.4.1-1.6.x.src.rpm ftp://updates.redhat.com/powertools/6.2/SRPMS/curl-7.4.1-1.6.x.src.rpm Red Hat Powertools 7.0: alpha: ftp://updates.redhat.com/powertools/7.0/alpha/curl-7.4.1-1.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/curl-devel-7.4.1-1.alpha.rpm i386: ftp://updates.redhat.com/powertools/7.0/i386/curl-7.4.1-1.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/curl-devel-7.4.1-1.i386.rpm sources: ftp://updates.redhat.com/powertools/7.0/SRPMS/curl-7.4.1-1.src.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- c682b7c454ad3c3d7d6e56d2e7781e76 6.2/SRPMS/curl-7.4.1-1.6.x.src.rpm ddab1e477ba009284e6128b2ad555961 6.2/alpha/curl-7.4.1-1.6.x.alpha.rpm 4b55c56f68784e575bf045b27ecaad05 6.2/alpha/curl-devel-7.4.1-1.6.x.alpha.rpm bcf89966984970fcc958943842690452 6.2/i386/curl-7.4.1-1.6.x.i386.rpm 4d0c3756e007b81cfe397a4ff60b9419 6.2/i386/curl-devel-7.4.1-1.6.x.i386.rpm 80bdadc359aa9f76d5d4bddc257809bb 6.2/sparc/curl-7.4.1-1.6.x.sparc.rpm 67fc0b4c45caa6700184c41fb227e7e1 6.2/sparc/curl-devel-7.4.1-1.6.x.sparc.rpm eea36738f71c6d6a73e94059b3a06fca 7.0/SRPMS/curl-7.4.1-1.src.rpm 11f894b7846a9f2d7c9dffc81fa1180a 7.0/alpha/curl-7.4.1-1.alpha.rpm d823006bf21f3919ec274f65e2e493fd 7.0/alpha/curl-devel-7.4.1-1.alpha.rpm 2505ed67c1698078c131cda57e7dffd8 7.0/i386/curl-7.4.1-1.i386.rpm 83dccfb76b2701599cb428f93442b78c 7.0/i386/curl-devel-7.4.1-1.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.securityfocus.com/bid/1804 http://sourceforge.net/bugs/?funcŪtailbug66886 Thanks to mschwendt@web.de for reporting bug #20337 Copyright(c) 2000 Red Hat, Inc. _______________________________________________ Redhat-watch-list mailing list To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list