curl and curl-ssl


    Debian (and others?)


    The following is based on a Debian Security Advisory.  The version
    of curl distributed with Debian GNU/Linux 2.2 had a bug in its
    error logging code: when it created an error message, it failed to
    check the size of the buffer allocated for storing the message.  A
    remote machine could exploit this by returning an invalid response
    to a request from curl that overflows the error buffer and tricks
    curl into executing arbitrary code.

    Debian ships with two versions of curl: the normal curl package,
    and the crypto-enabled curl-ssl package.

    Daniel Stenberg is the main author of curl and according to him
    the information and discussion are accurate, to the point and
    describe the problem (even if somewhat unspecific).  However,
    the most bothering thing is that the described exploit is
    *entirely* wrong!

    There's a "buffer overflow" example posted in the curl bug report
    system that would make a far better (and correct) example of how
    to crash curl using the posted flaw.


    This bug has been fixed in curl version 6.0-1.1 and curl-ssl
    version 6.0-1.2.  Debian recommends you upgrade your curl or
    curl-ssl package immediately:

    For RedHat:

    For FreeBSD: