Medium: curl

2014-09-15T23:17:00
ID ALAS-2013-210
Type amazon
Reporter Amazon
Modified 2014-09-15T23:17:00

Description

Issue Overview:

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Affected Packages:

curl

Issue Correction:
Run yum update curl to update your system.

New Packages:

i686:  
    libcurl-devel-7.27.0-11.34.amzn1.i686  
    curl-7.27.0-11.34.amzn1.i686  
    curl-debuginfo-7.27.0-11.34.amzn1.i686  
    libcurl-7.27.0-11.34.amzn1.i686

src:  
    curl-7.27.0-11.34.amzn1.src

x86_64:  
    curl-7.27.0-11.34.amzn1.x86_64  
    libcurl-7.27.0-11.34.amzn1.x86_64  
    curl-debuginfo-7.27.0-11.34.amzn1.x86_64  
    libcurl-devel-7.27.0-11.34.amzn1.x86_64