ALAS-2013-210


Amazon Linux 1 Security Advisory: ALAS-2013-210
Advisory Release Date: 2013-07-12 15:32 Pacific
Advisory Updated Date: 2014-09-15 23:17 Pacific
Severity: Medium

Issue Overview:

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.


Affected Packages:

curl


Issue Correction:
Run yum update curl to update your system.

New Packages:
i686:
    libcurl-devel-7.27.0-11.34.amzn1.i686
    curl-7.27.0-11.34.amzn1.i686
    curl-debuginfo-7.27.0-11.34.amzn1.i686
    libcurl-7.27.0-11.34.amzn1.i686

src:
    curl-7.27.0-11.34.amzn1.src

x86_64:
    curl-7.27.0-11.34.amzn1.x86_64
    libcurl-7.27.0-11.34.amzn1.x86_64
    curl-debuginfo-7.27.0-11.34.amzn1.x86_64
    libcurl-devel-7.27.0-11.34.amzn1.x86_64