Fedora Account System
Red Hat Associate
Red Hat Customer
Ulf Harnhammar told vendor-sec about a buffer overflow in cURL's tftp handling code. If you pass a very long tftp URL ("tftp://") to cURL with a valid hostname, it becomes possible to overflow a buffer. This issue only affects version 7.15.X.
The fixed versions are curl-7.15.3-1 (devel), curl-7.15.1-3 (fc5). If there is any problem please reopen this bug.