TITLE: SUSE update for curl/wget SECUNIA ADVISORY ID: SA17320 VERIFY ADVISORY: http://secunia.com/advisories/17320/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SUSE Linux 9.3 http://secunia.com/product/4933/ SUSE Linux 9.2 http://secunia.com/product/4258/ SuSE Linux 9.1 http://secunia.com/product/3473/ DESCRIPTION: SUSE has issued updates for curl and wget. These fix a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA17192 SA17193 SOLUTION: Apply updated packages. -- x86 Platform -- SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/compat-curl2-7.11.0-6.2.i586.rpm dc1b2e8dc509adca503b7f2e7724be49 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/curl-7.13.0-5.2.i586.rpm 937855b131da29025f48cab5880a91ea ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/wget-1.10-1.3.i586.rpm 556ba3000c278fecfec9c24b1b5ce44f SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/compat-curl2-7.11.0-4.4.i586.rpm 2b21dc3b9877f45602191cc33c695734 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/curl-7.12.0-2.4.i586.rpm 77802b5fb55775fd00b1e7e71cb03aab SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/curl-7.11.0-39.9.i586.rpm 8f18c55e56f560e641173b7ca96a13a6 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/curl-32bit-9.1-200510171252.i586.rpm 07b00ace15bc16b4e6ee878cb4703f34 -- x86-64 Platform -- SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/compat-curl2-32bit-9.3-7.1.x86_64.rpm 8064b387585923ca8bf897294d6e0750 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/compat-curl2-7.11.0-6.2.x86_64.rpm c6174cc85a1a8a7ae0aef33703b255ab ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/curl-32bit-9.3-7.1.x86_64.rpm d4da6969e3c7c08c2387bf2f491ae6b2 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/curl-7.13.0-5.2.x86_64.rpm d6db8fa9847c74194db4b11508aa81e5 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/wget-1.10-1.3.x86_64.rpm 62373d0f58db04c85d6d558002b61439 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/compat-curl2-32bit-9.2-200510171251.x86_64.rpm 8176f04bcc6b8a5b5e6730570d71e1dc ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/compat-curl2-7.11.0-4.4.x86_64.rpm 77ca0f684608cd05d6680b71a60f3d2b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/curl-7.12.0-2.4.x86_64.rpm 225eaed129a89f522099a4dd05fbd92f SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/curl-7.11.0-39.9.x86_64.rpm c7e53c0f5b9e176ea517b2cd6e212b7b -- Sources -- SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/compat-curl2-7.11.0-6.2.src.rpm f28644961a98a391fcd4f9c220d95976 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/curl-7.13.0-5.2.src.rpm 115bbe666fc6d170f0209bf08d415e94 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/wget-1.10-1.3.src.rpm 201a3d45868f65590bb78bb80f40c1f5 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/compat-curl2-7.11.0-4.4.src.rpm 9c3f454a7d31bddee04df39a6b10052c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/curl-7.12.0-2.4.src.rpm f5249c9853905e77323c6febfe319809 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/curl-7.11.0-39.9.src.rpm c64049955adb7067312b8716e61e2819 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/curl-7.11.0-39.9.src.rpm 9bb9bd0870ab5a6a76e5da583323ca98 ORIGINAL ADVISORY: http://lists.suse.com/archive/suse-security-announce/2005-Oct/0009.html OTHER REFERENCES: SA17192: http://secunia.com/advisories/17192/ SA17193: http://secunia.com/advisories/17193/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------