Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 5 Jul 2011 16:30:45 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: curl on SL4.x, SL5.x, SL6.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "MIME-Version: 1.0 Synopsis: Moderate: curl security update Issue date: 2011-07-05 CVE Names: CVE-2011-2192 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192) All running applications using libcurl must be restarted for the update to take effect. SL 4.x SRPMS: curl-7.12.1-17.el4.src.rpm i386: curl-7.12.1-17.el4.i386.rpm curl-devel-7.12.1-17.el4.i386.rpm x86_64: curl-7.12.1-17.el4.i386.rpm curl-7.12.1-17.el4.x86_64.rpm curl-devel-7.12.1-17.el4.x86_64.rpm SL 5.x SRPMS: curl-7.15.5-9.el5_6.3.src.rpm i386: curl-7.15.5-9.el5_6.3.i386.rpm curl-devel-7.15.5-9.el5_6.3.i386.rpm x86_64: curl-7.15.5-9.el5_6.3.i386.rpm curl-7.15.5-9.el5_6.3.x86_64.rpm curl-devel-7.15.5-9.el5_6.3.i386.rpm curl-devel-7.15.5-9.el5_6.3.x86_64.rpm SL 6.x SRPMS: curl-7.19.7-26.el6_1.1.src.rpm i386: curl-7.19.7-26.el6_1.1.i686.rpm libcurl-7.19.7-26.el6_1.1.i686.rpm libcurl-devel-7.19.7-26.el6_1.1.i686.rpm x86_64: curl-7.19.7-26.el6_1.1.x86_64.rpm libcurl-7.19.7-26.el6_1.1.i686.rpm libcurl-7.19.7-26.el6_1.1.x86_64.rpm libcurl-devel-7.19.7-26.el6_1.1.i686.rpm libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm - Scientific Linux Development Team