Thu, Mar 5th
Recent curl vulnerability
It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to arbitrary files. This update changes curl behavior to prevent following “file” URLs after a redirect.
Nice. I really need to try issuing file:///etc/passwd HTTP redirects more often.
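The check the update describes, sketched for any client that follows redirects itself. This is an added example, not curl's code: the function names, the http/https allowlist, the hop limit and the sample redirect table are all assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumed policy for this example: a redirect may only lead to these schemes.
ALLOWED_REDIRECT_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5
REDIRECT_CODES = {301, 302, 303, 307, 308}


class UnsafeRedirect(Exception):
    """Raised when a redirect leaves the allowed schemes or loops too long."""


def next_url(current_url, location):
    """Resolve a Location header against the current URL and apply the policy."""
    target = urljoin(current_url, location.strip())
    # urlsplit lowercases the scheme, so "FILE:" is caught as well as "file:".
    scheme = urlsplit(target).scheme
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise UnsafeRedirect(f"refusing redirect to {scheme!r} URL: {target}")
    return target


def follow(start_url, responses):
    """Walk a redirect chain. `responses` maps URL -> (status, Location or None)
    and stands in for the network so the example runs offline."""
    url = start_url
    for _ in range(MAX_REDIRECTS + 1):
        status, location = responses[url]
        if status not in REDIRECT_CODES or location is None:
            return url  # final, non-redirect response
        url = next_url(url, location)
    raise UnsafeRedirect("too many redirects")


# Constructed sample data: one benign chain and one that points at a local file.
SAMPLE = {
    "http://example.test/a": (302, "/b"),
    "http://example.test/b": (301, "https://example.test/c"),
    "https://example.test/c": (200, None),
    "http://example.test/bad": (302, "file:///etc/passwd"),
    "http://example.test/bad-upper": (302, "FILE:///etc/passwd"),
}

if __name__ == "__main__":
    for start in ("http://example.test/a", "http://example.test/bad"):
        try:
            print(start, "->", follow(start, SAMPLE))
        except UnsafeRedirect as exc:
            print(start, "-> blocked:", exc)
```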