Amazon Linux 1 Security Advisory: ALAS-2013-210
Advisory Release Date: 2013-07-12 15:32 Pacific
Advisory Updated Date: 2014-09-15 23:17 Pacific
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
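The matching flaw described above, shown as an added example that is not curl's own source and not part of the original advisory: a suffix-only cookie-domain comparison beside one that also requires a label boundary. The function names and the example.com hosts are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive check that host ends with domain (pure suffix test). */
static bool ends_with_nocase(const char *host, const char *domain)
{
    size_t hlen = strlen(host), dlen = strlen(domain);

    if (dlen == 0 || hlen < dlen)
        return false;
    host += hlen - dlen;
    for (size_t i = 0; i < dlen; i++)
        if (tolower((unsigned char)host[i]) != tolower((unsigned char)domain[i]))
            return false;
    return true;
}

/* Weak form (hypothetical name): any host that merely ends with the
 * cookie domain matches, even when the suffix starts mid-label. */
bool tail_match_suffix_only(const char *cookie_domain, const char *host)
{
    return ends_with_nocase(host, cookie_domain);
}

/* Corrected form (hypothetical name): exact match, or the matched
 * suffix must start right after a '.' in the host name. */
bool tail_match_label_boundary(const char *cookie_domain, const char *host)
{
    if (*cookie_domain == '.')          /* ".example.com" == "example.com" */
        cookie_domain++;
    if (!ends_with_nocase(host, cookie_domain))
        return false;
    size_t hlen = strlen(host), dlen = strlen(cookie_domain);
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed sample hosts; the cookie domain is "example.com". */
    const char *hosts[] = { "example.com", "www.example.com", "notexample.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-16s suffix-only=%d label-boundary=%d\n", hosts[i],
               tail_match_suffix_only("example.com", hosts[i]),
               tail_match_label_boundary("example.com", hosts[i]));
    return 0;
}
```

The two functions disagree only on hosts such as notexample.com, where the cookie domain is a suffix of the name but does not begin at a dot.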
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
i686:
libcurl-devel-7.27.0-11.34.amzn1.i686
curl-7.27.0-11.34.amzn1.i686
curl-debuginfo-7.27.0-11.34.amzn1.i686
libcurl-7.27.0-11.34.amzn1.i686
src:
curl-7.27.0-11.34.amzn1.src
x86_64:
curl-7.27.0-11.34.amzn1.x86_64
libcurl-7.27.0-11.34.amzn1.x86_64
curl-debuginfo-7.27.0-11.34.amzn1.x86_64
libcurl-devel-7.27.0-11.34.amzn1.x86_64