curl-7.15.5-9.AXS3.3

エラータID: AXSA:2011-231:01

Release date: 
Tuesday, July 19, 2011 - 13:16
Subject: 
curl-7.15.5-9.AXS3.3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, FTP upload, HTTP post, and file transfer resume.
Security issues fixed with this release:
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Solution: 

Update packages.

CVEs: 
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.


Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. curl-7.15.5-9.AXS3.3.i386.rpm
    MD5: 7d43a287d2204539cc630112c55ff997
    SHA-256: a3eb42140184e2bbde00506694801d467487822fd243ebcbd9285e409ba26c87
    Size: 267.76 kB
  2. curl-devel-7.15.5-9.AXS3.3.i386.rpm
    MD5: 38c8333946345527198576fca13bc38a
    SHA-256: ab731dba4682c266bc6fb82da1317b5bd7d329f99705801c2224b90d0daab0eb
    Size: 311.09 kB

Asianux Server 3 for x86_64
  1. curl-7.15.5-9.AXS3.3.x86_64.rpm
    MD5: b65613ef02f879c15a48a3cb42af18f0
    SHA-256: 39a53dbd3faf012cbb060684b1dfab9fb720e85b8bced8273ad67f842d60e628
    Size: 265.06 kB
  2. curl-devel-7.15.5-9.AXS3.3.x86_64.rpm
    MD5: df17108d42b75cab297f77e6049353c6
    SHA-256: e7736f546c431b9f59c413d6ecf810ffb38fb4933d8079ec6ebe70791e998117
    Size: 319.27 kB