curl-7.15.5-2.1AXS3.5

エラータID: AXSA:2009-376:02

Release date: 
Thursday, August 27, 2009 - 10:19
Subject: 
curl-7.15.5-2.1AXS3.5
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP upload, HTTP post, and file transfer resume.
Fixed bugs:
CVE-2009-2417
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Solution: 

Update packages

CVEs: 
CVE-2009-2417
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.


Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.15.5-2.1AXS3.5.src.rpm
    MD5: 38d13c06b6e81f88d4b09a3f7607fd05
    SHA-256: de4dc1eed66a2abdac0d7feae7f45e257cae3032b77a2cbc8580f20c05bbd38c
    Size: 1.49 MB

Asianux Server 3 for x86
  1. curl-7.15.5-2.1AXS3.5.i386.rpm
    MD5: 5155767f3bdbc276b022d2d017f36e3b
    SHA-256: 1dc1562dccbf867b1d246b2e6f2c7fd3200dc1b2f71f557c7f982201a92b33d8
    Size: 266.25 kB
  2. curl-devel-7.15.5-2.1AXS3.5.i386.rpm
    MD5: e9f5f0a0cd4b267ff05d6ef24818de94
    SHA-256: 56a7c34cba7563830b3701f7118bd223c91dadcc4883d36ff0f549832a58425c
    Size: 309.44 kB

Asianux Server 3 for x86_64
  1. curl-7.15.5-2.1AXS3.5.x86_64.rpm
    MD5: 5d1fde005838f082dee12d11a0e63a14
    SHA-256: 397944dbc0217f39a33e8d9387cbea55f4a10c652bf5fb089769990e1a5cd78d
    Size: 263.49 kB
  2. curl-devel-7.15.5-2.1AXS3.5.x86_64.rpm
    MD5: f0b2e60125fa49fa66840378a8ddec55
    SHA-256: 4c799ce2363ad0884290bed8818c382b064f3441f265480cdae57ffcab6cc37c
    Size: 317.55 kB