Package name
curl
Date
2009-08-15
Advisory ID
MDVSA-2009:203
Affected versions
2009.0 x86_64, CS4.0 x86_64, MNF2.0 i586, 2009.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, MES5 i586, 2008.1 x86_64, 2008.1 i586, MES5 x86_64

Problem description

A vulnerability has been found and corrected in curl:

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
used, does not properly handle a '\0' character in a domain name in
the subject's Common Name (CN) field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification Authority,
a related issue to CVE-2009-2408 (CVE-2009-2417).

This update provides a solution to this vulnerability.
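
The failure mode described above, shown as an added illustration that is not taken from curl or from this advisory: a CN compared as a C string is cut off at the first '\0', while a check against the encoded length rejects the field. The struct cn_field, both functions and the sample bytes are hypothetical and constructed; wildcard and case-insensitive matching are left out.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a length-prefixed ASN.1 string such as the CN. */
struct cn_field {
    const unsigned char *data;
    size_t len;                 /* length as encoded in the certificate */
};

/* Constructed sample values; the first carries an embedded '\0'. */
static const unsigned char CN_EMBEDDED[] = "www.example.com\0.other.example";
static const unsigned char CN_PLAIN[]    = "www.example.com";
static const struct cn_field SAMPLE_EMBEDDED = { CN_EMBEDDED, sizeof(CN_EMBEDDED) - 1 };
static const struct cn_field SAMPLE_PLAIN    = { CN_PLAIN, sizeof(CN_PLAIN) - 1 };

/* Flawed pattern: the field is read as a C string, so the comparison
   stops at the first '\0' and never sees the rest of the name.
   (Assumes the buffer is NUL-terminated, as the samples above are.) */
int cn_matches_naive(const struct cn_field *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: a name field containing '\0' is malformed and is
   rejected outright (-1); otherwise the whole field must equal the host. */
int cn_matches_checked(const struct cn_field *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return -1;              /* caller should fail the handshake */
    size_t hlen = strlen(host);
    return cn->len == hlen && memcmp(cn->data, host, hlen) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("embedded NUL, naive:   %d\n", cn_matches_naive(&SAMPLE_EMBEDDED, host));
    printf("embedded NUL, checked: %d\n", cn_matches_checked(&SAMPLE_EMBEDDED, host));
    printf("plain CN, checked:     %d\n", cn_matches_checked(&SAMPLE_PLAIN, host));
    return 0;
}
```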

Updated packages

2009.0 x86_64

 349b02bbda7eb662997f3183ef6d87c0  2009.0/x86_64/curl-7.19.0-2.3mdv2009.0.x86_64.rpm
 9a09d4cb2c0ce21a78363ad7a07dd011  2009.0/x86_64/curl-examples-7.19.0-2.3mdv2009.0.x86_64.rpm
 5e9eb5492801e1f31bba4343b25d8d6b  2009.0/x86_64/lib64curl4-7.19.0-2.3mdv2009.0.x86_64.rpm
 438a1fb2bc30d993c533ca0ced47581d  2009.0/x86_64/lib64curl-devel-7.19.0-2.3mdv2009.0.x86_64.rpm 
 df4a805594f16bfce93b18a6e0777450  2009.0/SRPMS/curl-7.19.0-2.3mdv2009.0.src.rpm

CS4.0 x86_64

 688129530500a0cbfd405992da4b9377  corporate/4.0/x86_64/curl-7.14.0-2.4.20060mlcs4.x86_64.rpm
 ca17056e48cb81012c5bd7a7d35b8d49  corporate/4.0/x86_64/lib64curl3-7.14.0-2.4.20060mlcs4.x86_64.rpm
 51d0e70dd8230538eb484e15b70320b7  corporate/4.0/x86_64/lib64curl3-devel-7.14.0-2.4.20060mlcs4.x86_64.rpm 
 76b72bc8938fdfc1bd425483a15a75f9  corporate/4.0/SRPMS/curl-7.14.0-2.4.20060mlcs4.src.rpm

MNF2.0 i586

 d9faa6984ea90caba24d8dd4924bde9c  mnf/2.0/i586/curl-7.11.0-2.4.C30mdk.i586.rpm
 93742023ff49d812df74fe370370b0c5  mnf/2.0/i586/libcurl2-7.11.0-2.4.C30mdk.i586.rpm
 17709107a56bbee9b5bbee8e19354dc9  mnf/2.0/i586/libcurl2-devel-7.11.0-2.4.C30mdk.i586.rpm 
 9765888e1bffb0ebd83d1ec71574de2b  mnf/2.0/SRPMS/curl-7.11.0-2.4.C30mdk.src.rpm

2009.0 i586

 892828128b099818d440a8407c229f6a  2009.0/i586/curl-7.19.0-2.3mdv2009.0.i586.rpm
 d2401c2950c47eb04052c9cd79fbc179  2009.0/i586/curl-examples-7.19.0-2.3mdv2009.0.i586.rpm
 421938c204416ad6a226f89cd67ebabb  2009.0/i586/libcurl4-7.19.0-2.3mdv2009.0.i586.rpm
 7cb71ef8b449125765efed99af777eda  2009.0/i586/libcurl-devel-7.19.0-2.3mdv2009.0.i586.rpm 
 df4a805594f16bfce93b18a6e0777450  2009.0/SRPMS/curl-7.19.0-2.3mdv2009.0.src.rpm

CS3.0 x86_64

 c36bd07602a95362d5f8096076af96ff  corporate/3.0/x86_64/curl-7.11.0-2.4.C30mdk.x86_64.rpm
 94d4e28bf08697f658c9532bc8ef67ed  corporate/3.0/x86_64/lib64curl2-7.11.0-2.4.C30mdk.x86_64.rpm
 7ef2d495db13d134014f013379d43093  corporate/3.0/x86_64/lib64curl2-devel-7.11.0-2.4.C30mdk.x86_64.rpm 
 aeef3de8e19539e1e5cef22a3499cad7  corporate/3.0/SRPMS/curl-7.11.0-2.4.C30mdk.src.rpm

CS4.0 i586

 37ca03172a8b502f16a582d139ee3077  corporate/4.0/i586/curl-7.14.0-2.4.20060mlcs4.i586.rpm
 4a7453f3ad0959dc987fb7988920fb29  corporate/4.0/i586/libcurl3-7.14.0-2.4.20060mlcs4.i586.rpm
 34f9357fdc46b5814d15a0d67ac5c97a  corporate/4.0/i586/libcurl3-devel-7.14.0-2.4.20060mlcs4.i586.rpm 
 76b72bc8938fdfc1bd425483a15a75f9  corporate/4.0/SRPMS/curl-7.14.0-2.4.20060mlcs4.src.rpm

CS3.0 i586

 1cb682e71b060c3e806651091692f319  corporate/3.0/i586/curl-7.11.0-2.4.C30mdk.i586.rpm
 6e86a78de017172c73455f3bcc7be1fd  corporate/3.0/i586/libcurl2-7.11.0-2.4.C30mdk.i586.rpm
 49c2a0efd318ee51ac66ab4dacd58d44  corporate/3.0/i586/libcurl2-devel-7.11.0-2.4.C30mdk.i586.rpm 
 aeef3de8e19539e1e5cef22a3499cad7  corporate/3.0/SRPMS/curl-7.11.0-2.4.C30mdk.src.rpm

MES5 i586

 a374ff5beddecedf918904a67b208c00  mes5/i586/curl-7.19.0-2.3mdvmes5.i586.rpm
 262a4e29d7c8ef7f451c87b7bc8e2c66  mes5/i586/curl-examples-7.19.0-2.3mdvmes5.i586.rpm
 e86cc1febe979624999393b80c846715  mes5/i586/libcurl4-7.19.0-2.3mdvmes5.i586.rpm
 ba7da37dd0c8c5e4ea8b94a123ba351c  mes5/i586/libcurl-devel-7.19.0-2.3mdvmes5.i586.rpm 
 92e3583395a1ef3e8cd947e4ddded60d  mes5/SRPMS/curl-7.19.0-2.3mdvmes5.src.rpm

2008.1 x86_64

 8bdfa65ac800bb2444b7bad1319a9ed2  2008.1/x86_64/curl-7.18.0-1.2mdv2008.1.x86_64.rpm
 1db03c79d7f77ae66d96100af128a498  2008.1/x86_64/curl-examples-7.18.0-1.2mdv2008.1.x86_64.rpm
 d3dc17d25cf42e331775cf3ad9f8011a  2008.1/x86_64/lib64curl4-7.18.0-1.2mdv2008.1.x86_64.rpm
 40fe1718975e298ed247ed8184092616  2008.1/x86_64/lib64curl-devel-7.18.0-1.2mdv2008.1.x86_64.rpm 
 387a18822140e74b895cf64b735a95f1  2008.1/SRPMS/curl-7.18.0-1.2mdv2008.1.src.rpm

2008.1 i586

 8e2ea8611aefeb2a40d77afd88277fb4  2008.1/i586/curl-7.18.0-1.2mdv2008.1.i586.rpm
 c70570c0bb2c329c19bd9317f732623d  2008.1/i586/curl-examples-7.18.0-1.2mdv2008.1.i586.rpm
 c2a33e1c57b106a4030abfc8e2d3cc92  2008.1/i586/libcurl4-7.18.0-1.2mdv2008.1.i586.rpm
 85220b736085c4ed0d45a5352d70b81e  2008.1/i586/libcurl-devel-7.18.0-1.2mdv2008.1.i586.rpm 
 387a18822140e74b895cf64b735a95f1  2008.1/SRPMS/curl-7.18.0-1.2mdv2008.1.src.rpm

MES5 x86_64

 4e66472f996cda47aaad865b7e9a2a9a  mes5/x86_64/curl-7.19.0-2.3mdvmes5.x86_64.rpm
 cb61278d082c2d15bdd209189f4eaaea  mes5/x86_64/curl-examples-7.19.0-2.3mdvmes5.x86_64.rpm
 231221eeb4a18060b32d0f5dcac2179e  mes5/x86_64/lib64curl4-7.19.0-2.3mdvmes5.x86_64.rpm
 5b2fa79ff88f193caaffce7a2fc0b127  mes5/x86_64/lib64curl-devel-7.19.0-2.3mdvmes5.x86_64.rpm 
 92e3583395a1ef3e8cd947e4ddded60d  mes5/SRPMS/curl-7.19.0-2.3mdvmes5.src.rpm

References