SCIENTIFIC-LINUX-ERRATA Archives

April 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Thu, 25 Apr 2013 13:22:12 +0000

Synopsis:          Moderate: curl security update
Advisory ID:       SLSA-2013:0771-1
Issue Date:        2013-04-24
CVE Numbers:       CVE-2013-1944
--

A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against libcurl
sending the wrong cookie if only part of the domain name matched the
domain associated with the cookie, disclosing the cookie to unrelated
hosts. (CVE-2013-1944)

All running applications using libcurl must be restarted for the update to
take effect.
--

SL5
  x86_64
    curl-7.15.5-16.el5_9.i386.rpm
    curl-7.15.5-16.el5_9.x86_64.rpm
    curl-debuginfo-7.15.5-16.el5_9.i386.rpm
    curl-debuginfo-7.15.5-16.el5_9.x86_64.rpm
    curl-devel-7.15.5-16.el5_9.i386.rpm
    curl-devel-7.15.5-16.el5_9.x86_64.rpm
  i386
    curl-7.15.5-16.el5_9.i386.rpm
    curl-debuginfo-7.15.5-16.el5_9.i386.rpm
    curl-devel-7.15.5-16.el5_9.i386.rpm
SL6
  x86_64
    curl-7.19.7-36.el6_4.x86_64.rpm
    curl-debuginfo-7.19.7-36.el6_4.i686.rpm
    curl-debuginfo-7.19.7-36.el6_4.x86_64.rpm
    libcurl-7.19.7-36.el6_4.i686.rpm
    libcurl-7.19.7-36.el6_4.x86_64.rpm
    libcurl-devel-7.19.7-36.el6_4.i686.rpm
    libcurl-devel-7.19.7-36.el6_4.x86_64.rpm
  i386
    curl-7.19.7-36.el6_4.i686.rpm
    curl-debuginfo-7.19.7-36.el6_4.i686.rpm
    libcurl-7.19.7-36.el6_4.i686.rpm
    libcurl-devel-7.19.7-36.el6_4.i686.rpm

For dependency resolution the following packages were added to SL6
  x86_64
    libssh2-1.4.2-1.el6.i686.rpm
    libssh2-1.4.2-1.el6.x86_64.rpm
    libssh2-devel-1.4.2-1.el6.i686.rpm
    libssh2-devel-1.4.2-1.el6.x86_64.rpm
    libssh2-docs-1.4.2-1.el6.x86_64.rpm
  i386
    libssh2-1.4.2-1.el6.i686.rpm
    libssh2-devel-1.4.2-1.el6.i686.rpm
    libssh2-docs-1.4.2-1.el6.i686.rpm

- Scientific Linux Development Team
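
The cookie domain matching flaw described in the advisory, as an added illustration in C (not libcurl's source and not part of the original message): a suffix comparison that ignores label boundaries, beside one that requires them. The function names and sample hosts are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Flawed check: accepts any host whose name merely ends with the cookie
 * domain, so a partial match on a label is enough. */
static int tail_match_flawed(const char *cookie_domain, const char *host)
{
    size_t dlen = strlen(cookie_domain), hlen = strlen(host);
    if (dlen == 0 || hlen < dlen)
        return 0;
    return strcasecmp(cookie_domain, host + (hlen - dlen)) == 0;
}

/* Hardened check: exact match, or a suffix match that starts on a label
 * boundary (the character before the matched suffix must be '.'). */
static int tail_match_strict(const char *cookie_domain, const char *host)
{
    size_t dlen, hlen;
    if (*cookie_domain == '.')   /* treat ".example.com" like "example.com" */
        cookie_domain++;
    dlen = strlen(cookie_domain);
    hlen = strlen(host);
    if (dlen == 0 || hlen < dlen)
        return 0;
    if (strcasecmp(cookie_domain, host + (hlen - dlen)) != 0)
        return 0;
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed sample hosts; the cookie was set for "example.com". */
    const char *cookie_domain = "example.com";
    const char *hosts[] = { "example.com", "www.example.com",
                            "notexample.com", "example.com.other.test" };
    size_t i;
    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-24s flawed=%d strict=%d\n", hosts[i],
               tail_match_flawed(cookie_domain, hosts[i]),
               tail_match_strict(cookie_domain, hosts[i]));
    return 0;
}
```

Only "notexample.com" is treated differently by the two checks: the flawed version would send it the cookie, the strict version would not.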
