USN-726-1 -- curl vulnerabilityID: oval:org.secpod.oval:def:700297 | Date: (C)2011-05-13 (M)2022-09-20 |
Class: PATCH | Family: unix |
It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to abitrary files. This update changes curl behavior to prevent following "file" URLs after a redirect.
Platform: |
Ubuntu 7.10 |
Ubuntu 8.04 |
Ubuntu 6.06 |
Ubuntu 8.10 |