Package name
curl
Date
2011-07-22
Advisory ID
MDVSA-2011:116
Affected versions
2009.0 x86_64, MES5 i586, 2010.1 i586, 2009.0 i586, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability was discovered and corrected in curl:

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
through 7.21.6, as used in curl and other products, always performs
credential delegation during GSSAPI authentication, which allows remote
servers to impersonate clients via GSSAPI requests (CVE-2011-2192).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 fd13f40cfeba7fab958fdcc3eec98f9c  2009.0/x86_64/curl-7.19.0-2.5mdv2009.0.x86_64.rpm
 8078cbc6bdb189e5c105d0eef53f3ad1  2009.0/x86_64/curl-examples-7.19.0-2.5mdv2009.0.x86_64.rpm
 e319ecc8e70c0d222ec021c6bf2b884e  2009.0/x86_64/lib64curl4-7.19.0-2.5mdv2009.0.x86_64.rpm
 d43e6b3b4caa23d483d4205c19a4127f  2009.0/x86_64/lib64curl-devel-7.19.0-2.5mdv2009.0.x86_64.rpm 
 e2ba5684e62b6ad3ed4e2ed8fe974a37  2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm

MES5 i586

 c1ca16b888b0873a9dfe7b7d62922b7d  mes5/i586/curl-7.19.0-2.5mdvmes5.2.i586.rpm
 a00a332d35f477c84e9d92fb52f1ec49  mes5/i586/curl-examples-7.19.0-2.5mdvmes5.2.i586.rpm
 de1a06a70f3850d1fe4fdf62e355dce1  mes5/i586/libcurl4-7.19.0-2.5mdvmes5.2.i586.rpm
 8a1797aca267e5eec1b5ff5da16527a6  mes5/i586/libcurl-devel-7.19.0-2.5mdvmes5.2.i586.rpm 
 febf373948a2a1caae63d4c0645483e6  mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm

2010.1 i586

 1f3c2a90fb01fcc2719bce3e9645c66b  2010.1/i586/curl-7.20.1-2.1mdv2010.2.i586.rpm
 b1c758033beb896b902fa0ba418756b3  2010.1/i586/curl-examples-7.20.1-2.1mdv2010.2.i586.rpm
 a8c2de51650c92a409aba918c15697b2  2010.1/i586/libcurl4-7.20.1-2.1mdv2010.2.i586.rpm
 650e33c87271d5c4f2e5b698c8de972e  2010.1/i586/libcurl-devel-7.20.1-2.1mdv2010.2.i586.rpm 
 1488b217fbc0731d77e79540444b54a9  2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm

2009.0 i586

 efa7576a48725c44f2f53eb42e9f5a24  2009.0/i586/curl-7.19.0-2.5mdv2009.0.i586.rpm
 51928c0f801f157351f3843f794c2ec9  2009.0/i586/curl-examples-7.19.0-2.5mdv2009.0.i586.rpm
 3e8584e39fc7946ffdc4ddd7c0a23b78  2009.0/i586/libcurl4-7.19.0-2.5mdv2009.0.i586.rpm
 5b48546182e7323b1b95e3b084a63d1e  2009.0/i586/libcurl-devel-7.19.0-2.5mdv2009.0.i586.rpm 
 e2ba5684e62b6ad3ed4e2ed8fe974a37  2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm

MES5 x86_64

 1a4bedbbcc5e6c5f58f44bbd70818266  mes5/x86_64/curl-7.19.0-2.5mdvmes5.2.x86_64.rpm
 e24a7d74b4967bd4575ca66a09c5c2bf  mes5/x86_64/curl-examples-7.19.0-2.5mdvmes5.2.x86_64.rpm
 8adb8518393e336ba74ae0ce40ec0ac5  mes5/x86_64/lib64curl4-7.19.0-2.5mdvmes5.2.x86_64.rpm
 809213447e1ef7e785960ca354396a18  mes5/x86_64/lib64curl-devel-7.19.0-2.5mdvmes5.2.x86_64.rpm 
 febf373948a2a1caae63d4c0645483e6  mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm

2010.1 x86_64

 be7a877b6af363e470630d4edd1b65ab  2010.1/x86_64/curl-7.20.1-2.1mdv2010.2.x86_64.rpm
 fdea83447b30e83229eda4c4dd9e3eaf  2010.1/x86_64/curl-examples-7.20.1-2.1mdv2010.2.x86_64.rpm
 47eb4d21393bc10329bdcc7fed3105ec  2010.1/x86_64/lib64curl4-7.20.1-2.1mdv2010.2.x86_64.rpm
 d074056b2ec8e0af34d6fb63de9e9259  2010.1/x86_64/lib64curl-devel-7.20.1-2.1mdv2010.2.x86_64.rpm 
 1488b217fbc0731d77e79540444b54a9  2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm
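
The fix was backported, so the patched packages above still carry upstream versions 7.19.0 and 7.20.1, both inside the affected 7.10.6 through 7.21.6 range, and a version-only check flags them. The following added example (not part of the Mandriva advisory) classifies a package name, as printed by `rpm -q` or taken from the list above, against the fixed releases in this advisory; the function names, the result labels and the numeric-prefix release comparison (a simplification of RPM's own ordering) are assumptions.

```python
import re

# Upstream libcurl range affected by CVE-2011-2192, as stated in the advisory.
AFFECTED_MIN, AFFECTED_MAX = (7, 10, 6), (7, 21, 6)

# First fixed release per (upstream version, dist tag), from the package list.
FIXED = {
    ("7.19.0", "mdv2009.0"): (2, 5),
    ("7.19.0", "mdvmes5.2"): (2, 5),
    ("7.20.1", "mdv2010.2"): (2, 1),
}

# name-version-release[.arch][.rpm], e.g. lib64curl4-7.19.0-2.5mdv2009.0.x86_64.rpm
NVR = re.compile(
    r"^(\S+?)-(\d+(?:\.\d+)+)-(\d+(?:\.\d+)*)(mdv\S+?)"
    r"(?:\.(?:i586|x86_64|src))?(?:\.rpm)?$"
)

def nums(text):
    """Turn a dotted number string such as '7.19.0' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))

def in_upstream_range(version):
    """Version-only check: true for every build of an affected upstream release."""
    return AFFECTED_MIN <= nums(version) <= AFFECTED_MAX

def assess(package):
    """Return 'not-affected', 'patched', 'vulnerable' or 'unknown-build'."""
    match = NVR.match(package.strip())
    if match is None:
        raise ValueError("not a Mandriva package name: %r" % package)
    _, version, release, dist = match.groups()
    if not in_upstream_range(version):
        return "not-affected"
    fixed = FIXED.get((version, dist))
    if fixed is None:
        return "unknown-build"  # in range, but not a build this advisory lists
    return "patched" if nums(release) >= fixed else "vulnerable"

if __name__ == "__main__":
    # The first name is from the advisory; the other two are constructed samples.
    for name in ("lib64curl4-7.19.0-2.5mdv2009.0.x86_64.rpm",
                 "libcurl4-7.19.0-2.4mdvmes5.2",
                 "curl-7.22.0-1mdv2011.0"):
        print(name, "->", assess(name))
```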

References