curl-7.15.5-9.AXS3.3
エラータID: AXSA:2011-231:01
リリース日:
2011/07/19 Tuesday - 13:16
題名:
curl-7.15.5-9.AXS3.3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。<br />
<br />
[Security Fix]<br />
- libcurl の Curl_input_negotiate 関数で,GSSAPI 認証の際に認証情報の移譲を行うため,<br />
GSSAPI リクエストによって,リモートのサーバがクライアントになりすます脆弱性があります。(CVE-2011-2192)<br />
<br />
一部CVEの翻訳文はJVNからの引用になります。<br />
http://jvndb.jvn.jp/<br />
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- curl-7.15.5-9.AXS3.3.i386.rpm
MD5: 7d43a287d2204539cc630112c55ff997
SHA-256: a3eb42140184e2bbde00506694801d467487822fd243ebcbd9285e409ba26c87
Size: 267.76 kB - curl-devel-7.15.5-9.AXS3.3.i386.rpm
MD5: 38c8333946345527198576fca13bc38a
SHA-256: ab731dba4682c266bc6fb82da1317b5bd7d329f99705801c2224b90d0daab0eb
Size: 311.09 kB
Asianux Server 3 for x86_64
- curl-7.15.5-9.AXS3.3.x86_64.rpm
MD5: b65613ef02f879c15a48a3cb42af18f0
SHA-256: 39a53dbd3faf012cbb060684b1dfab9fb720e85b8bced8273ad67f842d60e628
Size: 265.06 kB - curl-devel-7.15.5-9.AXS3.3.x86_64.rpm
MD5: df17108d42b75cab297f77e6049353c6
SHA-256: e7736f546c431b9f59c413d6ecf810ffb38fb4933d8079ec6ebe70791e998117
Size: 319.27 kB