Date: Tue, 5 Jul 2011 16:30:45 -0500
Synopsis: Moderate: curl security update
Issue date: 2011-07-05
CVE Names: CVE-2011-2192

cURL provides the libcurl library and a command line tool for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.

It was found that cURL always performed credential delegation when
authenticating with GSSAPI. A rogue server could use this flaw to obtain
the client's credentials and impersonate that client to other servers
that are using GSSAPI. (CVE-2011-2192)

All running applications using libcurl must be restarted for the update
to take effect.

SL 4.x

  SRPMS:
    curl-7.12.1-17.el4.src.rpm
  i386:
    curl-7.12.1-17.el4.i386.rpm
    curl-devel-7.12.1-17.el4.i386.rpm
  x86_64:
    curl-7.12.1-17.el4.i386.rpm
    curl-7.12.1-17.el4.x86_64.rpm
    curl-devel-7.12.1-17.el4.x86_64.rpm

SL 5.x

  SRPMS:
    curl-7.15.5-9.el5_6.3.src.rpm
  i386:
    curl-7.15.5-9.el5_6.3.i386.rpm
    curl-devel-7.15.5-9.el5_6.3.i386.rpm
  x86_64:
    curl-7.15.5-9.el5_6.3.i386.rpm
    curl-7.15.5-9.el5_6.3.x86_64.rpm
    curl-devel-7.15.5-9.el5_6.3.i386.rpm
    curl-devel-7.15.5-9.el5_6.3.x86_64.rpm

SL 6.x

  SRPMS:
    curl-7.19.7-26.el6_1.1.src.rpm
  i386:
    curl-7.19.7-26.el6_1.1.i686.rpm
    libcurl-7.19.7-26.el6_1.1.i686.rpm
    libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
  x86_64:
    curl-7.19.7-26.el6_1.1.x86_64.rpm
    libcurl-7.19.7-26.el6_1.1.i686.rpm
    libcurl-7.19.7-26.el6_1.1.x86_64.rpm
    libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
    libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm

- Scientific Linux Development Team
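
One way to check the restart requirement stated in the advisory, as an added example that is not part of the original message: after the packages are updated, a process that has not been restarted still maps the old libcurl file, which the kernel lists as "(deleted)" in its maps. The function names, the `proc_root` argument and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory: list PIDs that still map a libcurl
# copy that has been replaced on disk. Run as root to read every process.
# The proc_root argument is an assumption added so the function can be
# exercised on a constructed tree; it defaults to the real /proc.

stale_libcurl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # After the package is upgraded, the old shared object stays mapped in
        # running processes and the kernel marks its path "(deleted)".
        if grep -q 'libcurl\.so.*(deleted)' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done
}

# Build a constructed /proc-like tree (sample data, not real process maps).
make_sample_proc() {
    root="$1"
    mkdir -p "$root/101" "$root/202" "$root/303"
    # PID 101: started before the update, still maps the removed library.
    printf '%s\n' \
        '00400000-0040b000 r-xp 00000000 fd:00 1201 /usr/bin/app-a' \
        '7f10a000-7f15e000 r-xp 00000000 fd:00 3310 /usr/lib64/libcurl.so.4.1.1 (deleted)' \
        > "$root/101/maps"
    # PID 202: restarted after the update, maps the file now on disk.
    printf '%s\n' \
        '00400000-0040b000 r-xp 00000000 fd:00 1202 /usr/bin/app-b' \
        '7f20a000-7f25e000 r-xp 00000000 fd:00 4410 /usr/lib64/libcurl.so.4.1.1' \
        > "$root/202/maps"
    # PID 303: does not use libcurl; another deleted mapping must not match.
    printf '%s\n' \
        '00400000-0040b000 r-xp 00000000 fd:00 1203 /usr/bin/app-c' \
        '7f30a000-7f31e000 r-xp 00000000 fd:00 5510 /usr/lib64/libz.so.1.2.3 (deleted)' \
        > "$root/303/maps"
}

# Demonstration on the constructed tree; call stale_libcurl_pids with no
# argument to scan the live system instead.
sample_root=$(mktemp -d)
make_sample_proc "$sample_root"
stale_libcurl_pids "$sample_root"
rm -rf "$sample_root"
```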