CVE-2014-0139
Published: 2014-04-15
Priority: P427 · CVSS 2.0: 5.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS: 1.20% (79.4th percentile)
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Affected
135 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.36.0-1 (bookworm) | curl 7.36.0-1 (bookworm) |
| haxx | curl | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 5.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |
| vendor_debian | — | 5.8 | MEDIUM | — |
| vendor_redhat | — | 5.8 | MEDIUM | — |
Ubuntu
curl vulnerabilities
vendor_ubuntu·2014-04-14·CVSS 6.4
CVE-2014-0138 [MEDIUM] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Steve Holme discovered that libcurl incorrectly reused wrong connections
when using protocols other than HTTP and FTP. This could lead to the use of
unintended credentials, possibly exposing sensitive information.
(CVE-2014-0138)
Richard Moore discovered that libcurl incorrectly validated wildcard SSL
certificates that contain literal IP addresses. An attacker could possibly
exploit this to perform a machine-in-the-middle attack to view sensitive
information or alter encrypted communications. (CVE-2014-0139)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: IP address wildcard certificate validation issue in libcurl
vendor_redhat·2014-03-26·CVSS 5.8
CVE-2014-0139 [MEDIUM] CWE-297 curl: IP address wildcard certificate validation issue in libcurl
curl: IP address wildcard certificate validation issue in libcurl
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Statement: This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 6 and 7 because it uses the NSS backend, not OpenSSL. It does affect Red Hat Enterprise Linux 5 which uses the OpenSSL backend.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is
Debian
CVE-2014-0139: curl - cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gsk...
vendor_debian·2014·CVSS 5.8
CVE-2014-0139 [MEDIUM] CVE-2014-0139: curl - cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gsk...
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Scope: local
bookworm: resolved (fixed in 7.36.0-1)
bullseye: resolved (fixed in 7.36.0-1)
forky: resolved (fixed in 7.36.0-1)
sid: resolved (fixed in 7.36.0-1)
trixie: resolved (fixed in 7.36.0-1)
GHSA
GHSA-vwm2-85hg-5h4q: cURL and libcurl 7
ghsa_unreviewed·2022-05-17
CVE-2014-0139 [MEDIUM] GHSA-vwm2-85hg-5h4q: cURL and libcurl 7
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
OSV
CVE-2014-0139: cURL and libcurl 7
osv·2014-04-15·CVSS 5.8
CVE-2014-0139 [MEDIUM] CVE-2014-0139: cURL and libcurl 7
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0138 CVE-2014-0139 mingw32-curl: various flaws [epel-5]
bugzilla·2014-03-26·CVSS 6.4
CVE-2014-0138 [MEDIUM] CVE-2014-0138 CVE-2014-0139 mingw32-curl: various flaws [epel-5]
CVE-2014-0138 CVE-2014-0139 mingw32-curl: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for mingw32-cur
Bugzilla
CVE-2014-0138 CVE-2014-0139 mingw-curl: various flaws [fedora-all]
bugzilla·2014-03-26·CVSS 6.4
CVE-2014-0138 [MEDIUM] CVE-2014-0138 CVE-2014-0139 mingw-curl: various flaws [fedora-all]
CVE-2014-0138 CVE-2014-0139 mingw-curl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multip
Bugzilla
CVE-2014-0139 curl: IP address wildcard certificate validation issue in libcurl
bugzilla·2014-03-21·CVSS 4.3
CVE-2014-0139 [MEDIUM] CVE-2014-0139 curl: IP address wildcard certificate validation issue in libcurl
CVE-2014-0139 curl: IP address wildcard certificate validation issue in libcurl
Daniel Stenberg reported the following vulnerability in cURL:
libcurl incorrectly validates wildcard SSL certificates containing literal
IP addresses.
RFC 2818 covers the requirements for matching Common Names (CNs) and
subjectAltNames in order to establish valid SSL connections. It first
discusses CNs that are for hostnames, and the rules for wildcards in this
case. The next paragraph in the RFC then discusses CNs that are IP
addresses:
'In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present in the
certificate and must exactly match the IP in the URI.'
The intention of the RFC is clear in that you should not be able to use
wi
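The RFC 2818 rule the Bugzilla entry quotes, shown as an added example (this is not curl's own hostname-matching code): a naive suffix matcher that accepts a wildcard CN against an IP-literal host, beside a hardened matcher that refuses wildcards for any host that parses as an IP address. The pattern and host strings are constructed sample inputs.

```c
/* Added example, not curl's code: RFC 2818 requires an IP in the URI to
 * match an iPAddress SAN exactly, so a wildcard pattern must never be
 * applied to an IP-literal host. Sample inputs below are constructed. */
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* True if host parses as an IPv4 or IPv6 literal. */
static bool is_ip_literal(const char *host)
{
    unsigned char buf[16];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Pre-fix behaviour for contrast: a "*." pattern matches any host that
 * shares the suffix, with no check that the host is a DNS name at all. */
bool match_naive(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;
    const char *dot = strchr(host, '.');
    return dot != NULL && strcasecmp(pattern + 1, dot) == 0;
}

/* Hardened: wildcards never apply to IP-literal hosts, and the wildcard
 * must be followed by at least two labels so "*.com" cannot match. */
bool match_hardened(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;   /* exact CN still allowed */
    if (is_ip_literal(host))
        return false;                            /* the CVE-2014-0139 case */
    const char *dot = strchr(host, '.');
    if (dot == NULL || strchr(dot + 1, '.') == NULL)
        return false;
    return strcasecmp(pattern + 1, dot) == 0;
}

int main(void)
{
    printf("naive    *.168.1.1 vs 192.168.1.1 -> %d\n", match_naive("*.168.1.1", "192.168.1.1"));
    printf("hardened *.168.1.1 vs 192.168.1.1 -> %d\n", match_hardened("*.168.1.1", "192.168.1.1"));
    return 0;
}
```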
Bugzilla
CVE-2013-6484 pidgin: DoS via specially-crafted stun messages
bugzilla·2014-01-24·CVSS 5.0
CVE-2013-6484 [MEDIUM] CVE-2013-6484 pidgin: DoS via specially-crafted stun messages
CVE-2013-6484 pidgin: DoS via specially-crafted stun messages
A flaw was found in the way pidgin handled certain responses from a stun server. A remote stun server could send specially-crafted messages to pidgin causing it to crash.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue.
Discussion:
Created attachment 855926
Local copy of patch
---
External References:
http://pidgin.im/news/security/?id=79
---
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0139 https://rhn.redhat.com/errata/RHSA-2014-0139.html
---
pidgin-2.10.9-1.fc20 has been pushed to the Fedora 20 stable repositor
Bugzilla
CVE-2013-6478 pidgin: DoS when rendering long URLs
bugzilla·2014-01-23·CVSS 4.3
CVE-2013-6478 [MEDIUM] CVE-2013-6478 pidgin: DoS when rendering long URLs
CVE-2013-6478 pidgin: DoS when rendering long URLs
It was found that pidgin crashed when a mouse pointer was hovered over a long URL. libX11 forcefully exits when Pidgin tries to create an exceptionally wide tooltip window.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue.
Discussion:
Created attachment 855919
Local copy of patch
---
External References:
http://pidgin.im/news/security/?id=72
---
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0139 https://rhn.redhat.com/errata/RHSA-2014-0139.html
---
pidgin-2.10.9-1.fc20 has been pushed to the Fedora 20 stable repository. If pro
Bugzilla
CVE-2013-6481 pidgin: DoS caused due to OOB read in Yahoo protocol plugin
bugzilla·2014-01-23·CVSS 5.0
CVE-2013-6481 [MEDIUM] CVE-2013-6481 pidgin: DoS caused due to OOB read in Yahoo protocol plugin
CVE-2013-6481 pidgin: DoS caused due to OOB read in Yahoo protocol plugin
The Yahoo! protocol plugin of pidgin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Daniel Atallah as the original reporter of this issue.
Discussion:
Created attachment 855921
Local copy of the patch
---
External References:
http://pidgin.im/news/security/?id=74
---
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0139 https://rhn.
Bugzilla
CVE-2013-6479 pidgin: DoS when parsing certain HTTP response headers
bugzilla·2014-01-23·CVSS 5.0
CVE-2013-6479 [MEDIUM] CVE-2013-6479 pidgin: DoS when parsing certain HTTP response headers
CVE-2013-6479 pidgin: DoS when parsing certain HTTP response headers
A flaw was found in the way pidgin handled certain HTTP response headers. A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Jacob Appelbaum of the Tor Project as the original reporter of this issue.
Discussion:
External References:
http://pidgin.im/news/security/?id=73
---
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0139 https://rhn.redhat.com/errata/RHSA-2014-0139.html
---
pidgin-2.10.9-1.fc
Bugzilla
CVE-2013-6477 pidgin: DoS when handling timestamps in the XMPP plugin
bugzilla·2014-01-22·CVSS 5.0
CVE-2013-6477 [MEDIUM] CVE-2013-6477 pidgin: DoS when handling timestamps in the XMPP plugin
CVE-2013-6477 pidgin: DoS when handling timestamps in the XMPP plugin
A denial-of-service flaw was found in the way the XMPP protocol plugin of pidgin handled messages with invalid timestamps. A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Jaime Breva Ribes as the original reporter of this issue.
Discussion:
External References:
http://pidgin.im/news/security/?id=71
---
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0139 https://rhn.redhat.com
References
http://advisories.mageia.org/MGASA-2015-0165.html
http://curl.haxx.se/docs/adv_20140326B.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/58615
http://secunia.com/advisories/59458
http://www-01.ibm.com/support/docview.wss?uid=swg21675820
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862
http://www.debian.org/security/2014/dsa-2902
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:213
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.ubuntu.com/usn/USN-2167-1