From 18081e30e1b76f3bd021b42e12e4a9f4f90554e8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 20 Mar 2006 22:25:14 +0000 Subject: mention today's fixes --- CHANGES | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index ab2f4ce81..a67e4d50a 100644 --- a/CHANGES +++ b/CHANGES @@ -6,8 +6,35 @@ Changelog +Daniel (20 March 2006) +- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file + whose length was a multiple of 512 bytes could have random garbage + appended. Also, stop processing TFTP packets which are too short to be + legal. + +- Ilja van Sprundel reported a possible crash in the curl tool when using + "curl hostwithoutslash -d data -G" + Version 7.15.3 (20 March 2006) +Daniel (20 March 2006) +- VULNERABILITY reported to us by Ulf Harnhammar. + + libcurl uses the given file part of a TFTP URL in a manner that allows a + malicious user to overflow a heap-based memory buffer due to the lack of + boundary check. + + This overflow happens if you pass in a URL with a TFTP protocol prefix + ("tftp://"), using a valid host and a path part that is longer than 512 + bytes. + + The affected flaw can be triggered by a redirect, if curl/libcurl is told to + follow redirects and an HTTP server points the client to a tftp URL with the + characteristics described above. + + The Common Vulnerabilities and Exposures (CVE) project has assigned the name + CVE-2006-1061 to this issue. + Daniel (16 March 2006) - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included in the release archive. -- cgit v1.2.3