Slackwarearm-14.0 ChangeLog (2013-02-08)

Fri Feb 8 21:35:08 UTC 2013

  • patches/packages/curl-7.29.0-arm-1_slack14.0.tgz
    When negotiating SASL DIGEST-MD5 authentication, the function
    Curl_sasl_create_digest_md5_message() uses the data provided from the
    server without doing the proper length checks and that data is then
    appended to a local fixed-size buffer on the stack. This vulnerability
    can be exploited by someone who is in control of a server that a libcurl
    based program is accessing with POP3, SMTP or IMAP. For applications
    that accept user provided URLs, it is also thinkable that a malicious
    user would feed an application with a URL to a server hosting code
    targeting this flaw.
    Affected versions: curl 7.26.0 to and including 7.28.1
    For more information, see:
    (* Security fix *)
  • news/2013/02/08/slackwarearm-14.0-changelog.txt
  • Last modified: 6 years ago
  • by Giuseppe Di Terlizzi