Users of curl please be advised of a denial-of-service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
rPSA-2010-0072-1: [rPSA-2010-0072-1] curl denial-of-service
Description:
Previous versions of curl do not properly restrict the amount of
callback data sent to an application that requests automatic
decompression, which might allow remote attackers to cause a denial
of service (application crash) or have unspecified other impact by
sending crafted compressed data to an application that relies on the
intended data-length limit. This has been fixed.
Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/e7mh
No comments:
Post a Comment