MDVSA-2011:116
- Nom du paquet
- curl
- Date
- 2011-07-22
- Advisory ID
- MDVSA-2011:116
- Affected versions
- 2009.0 x86_64 , MES5 i586 , 2010.1 i586 , 2009.0 i586 , MES5 x86_64 , 2010.1 x86_64
Problem description
A vulnerability was discovered and corrected in curl:
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
through 7.21.6, as used in curl and other products, always performs
credential delegation during GSSAPI authentication, which allows remote
servers to impersonate clients via GSSAPI requests (CVE-2011-2192).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
Updated packages
2009.0 x86_64
fd13f40cfeba7fab958fdcc3eec98f9c 2009.0/x86_64/curl-7.19.0-2.5mdv2009.0.x86_64.rpm 8078cbc6bdb189e5c105d0eef53f3ad1 2009.0/x86_64/curl-examples-7.19.0-2.5mdv2009.0.x86_64.rpm e319ecc8e70c0d222ec021c6bf2b884e 2009.0/x86_64/lib64curl4-7.19.0-2.5mdv2009.0.x86_64.rpm d43e6b3b4caa23d483d4205c19a4127f 2009.0/x86_64/lib64curl-devel-7.19.0-2.5mdv2009.0.x86_64.rpm e2ba5684e62b6ad3ed4e2ed8fe974a37 2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm
MES5 i586
c1ca16b888b0873a9dfe7b7d62922b7d mes5/i586/curl-7.19.0-2.5mdvmes5.2.i586.rpm a00a332d35f477c84e9d92fb52f1ec49 mes5/i586/curl-examples-7.19.0-2.5mdvmes5.2.i586.rpm de1a06a70f3850d1fe4fdf62e355dce1 mes5/i586/libcurl4-7.19.0-2.5mdvmes5.2.i586.rpm 8a1797aca267e5eec1b5ff5da16527a6 mes5/i586/libcurl-devel-7.19.0-2.5mdvmes5.2.i586.rpm febf373948a2a1caae63d4c0645483e6 mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm
2010.1 i586
1f3c2a90fb01fcc2719bce3e9645c66b 2010.1/i586/curl-7.20.1-2.1mdv2010.2.i586.rpm b1c758033beb896b902fa0ba418756b3 2010.1/i586/curl-examples-7.20.1-2.1mdv2010.2.i586.rpm a8c2de51650c92a409aba918c15697b2 2010.1/i586/libcurl4-7.20.1-2.1mdv2010.2.i586.rpm 650e33c87271d5c4f2e5b698c8de972e 2010.1/i586/libcurl-devel-7.20.1-2.1mdv2010.2.i586.rpm 1488b217fbc0731d77e79540444b54a9 2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm
2009.0 i586
efa7576a48725c44f2f53eb42e9f5a24 2009.0/i586/curl-7.19.0-2.5mdv2009.0.i586.rpm 51928c0f801f157351f3843f794c2ec9 2009.0/i586/curl-examples-7.19.0-2.5mdv2009.0.i586.rpm 3e8584e39fc7946ffdc4ddd7c0a23b78 2009.0/i586/libcurl4-7.19.0-2.5mdv2009.0.i586.rpm 5b48546182e7323b1b95e3b084a63d1e 2009.0/i586/libcurl-devel-7.19.0-2.5mdv2009.0.i586.rpm e2ba5684e62b6ad3ed4e2ed8fe974a37 2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm
MES5 x86_64
1a4bedbbcc5e6c5f58f44bbd70818266 mes5/x86_64/curl-7.19.0-2.5mdvmes5.2.x86_64.rpm e24a7d74b4967bd4575ca66a09c5c2bf mes5/x86_64/curl-examples-7.19.0-2.5mdvmes5.2.x86_64.rpm 8adb8518393e336ba74ae0ce40ec0ac5 mes5/x86_64/lib64curl4-7.19.0-2.5mdvmes5.2.x86_64.rpm 809213447e1ef7e785960ca354396a18 mes5/x86_64/lib64curl-devel-7.19.0-2.5mdvmes5.2.x86_64.rpm febf373948a2a1caae63d4c0645483e6 mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm
2010.1 x86_64
be7a877b6af363e470630d4edd1b65ab 2010.1/x86_64/curl-7.20.1-2.1mdv2010.2.x86_64.rpm fdea83447b30e83229eda4c4dd9e3eaf 2010.1/x86_64/curl-examples-7.20.1-2.1mdv2010.2.x86_64.rpm 47eb4d21393bc10329bdcc7fed3105ec 2010.1/x86_64/lib64curl4-7.20.1-2.1mdv2010.2.x86_64.rpm d074056b2ec8e0af34d6fb63de9e9259 2010.1/x86_64/lib64curl-devel-7.20.1-2.1mdv2010.2.x86_64.rpm 1488b217fbc0731d77e79540444b54a9 2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm