Moderate: curl (SL4, SL5, SL6)

Synopsis: Moderate: curl security update
Issue Date: 2011-07-05
CVE Numbers: CVE-2011-2192

cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that cURL always performed credential delegation when
authenticating with GSSAPI. A rogue server could use this flaw to obtain
the client’s credentials and impersonate that client to other servers that
are using GSSAPI. (CVE-2011-2192)

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.
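
One way to check the restart requirement above on an updated host, as an added example (not part of the original advisory): the script looks in /proc/<pid>/maps for a libcurl mapping that the kernel marks "(deleted)", which is how a library replaced on disk by the package update appears in a process that loaded the old copy. The function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: which processes still map the pre-update libcurl?

# Succeeds if the /proc/<pid>/maps text on stdin maps a libcurl shared object
# whose on-disk file was replaced (the kernel appends "(deleted)" to the path).
stale_libcurl_in_maps() {
    awk '$6 ~ /\/libcurl\.so/ && $NF == "(deleted)" { found = 1 }
         END { exit(found ? 0 : 1) }'
}

# Print "pid command" for every process under proc_root (default /proc)
# that must be restarted. Run as root to read every process's maps file.
list_stale_libcurl_pids() {
    slp_root="${1:-/proc}"
    for slp_dir in "$slp_root"/[0-9]*; do
        [ -r "$slp_dir/maps" ] || continue
        if stale_libcurl_in_maps < "$slp_dir/maps"; then
            slp_cmd=$(tr '\000' ' ' < "$slp_dir/cmdline" 2>/dev/null) || slp_cmd='?'
            printf '%s %s\n' "${slp_dir##*/}" "$slp_cmd"
        fi
    done
}

# Constructed sample maps lines (not captured from a real host).
SAMPLE_STALE='7f3a1c000000-7f3a1c052000 r-xp 00000000 fd:00 131075 /usr/lib64/libcurl.so.4.1.1 (deleted)
7f3a1c400000-7f3a1c58a000 r-xp 00000000 fd:00 131080 /lib64/libc-2.12.so'
SAMPLE_FRESH='7f3a1c000000-7f3a1c052000 r-xp 00000000 fd:00 140001 /usr/lib64/libcurl.so.4.1.1'

if printf '%s\n' "$SAMPLE_STALE" | stale_libcurl_in_maps; then
    echo "sample 1: restart needed"
fi
if ! printf '%s\n' "$SAMPLE_FRESH" | stale_libcurl_in_maps; then
    echo "sample 2: already using the updated library"
fi
```

On a live system, call list_stale_libcurl_pids with no argument after installing the update; an empty result means no running process still holds the old library.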

SL4
  x86_64
    curl-7.12.1-17.el4.i386.rpm
    curl-7.12.1-17.el4.x86_64.rpm
    curl-devel-7.12.1-17.el4.x86_64.rpm
  i386
    curl-7.12.1-17.el4.i386.rpm
    curl-devel-7.12.1-17.el4.i386.rpm

SL5
  x86_64
    curl-7.15.5-9.el5_6.3.i386.rpm
    curl-7.15.5-9.el5_6.3.x86_64.rpm
    curl-devel-7.15.5-9.el5_6.3.i386.rpm
    curl-devel-7.15.5-9.el5_6.3.x86_64.rpm
  i386
    curl-7.15.5-9.el5_6.3.i386.rpm
    curl-devel-7.15.5-9.el5_6.3.i386.rpm

SL6
  x86_64
    curl-7.19.7-26.el6_1.1.x86_64.rpm
    libcurl-7.19.7-26.el6_1.1.i686.rpm
    libcurl-7.19.7-26.el6_1.1.x86_64.rpm
    libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
    libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm
  i386
    curl-7.19.7-26.el6_1.1.i686.rpm
    libcurl-7.19.7-26.el6_1.1.i686.rpm
    libcurl-devel-7.19.7-26.el6_1.1.i686.rpm

– Scientific Linux Development Team