CentOS Update For Curl CESA-2011:0918 Centos5 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192) Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

Affected

curl on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2011-July/017641.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2192
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1646 (libtool)
CentOS Update for apr-util CESA-2010:0950 centos4 i386
CentOS Security Advisory CESA-2009:0437 (seamonkey)
CentOS Security Advisory CESA-2009:0308 (cups)
CentOS Security Advisory CESA-2009:1243 (kernel)

CentOS Update for curl CESA-2011:0918 centos5 i386

Take action and discover your vulnerabilities