Mandriva Update For Curl MDVSA-2012:058 (curl) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been found and corrected in curl: curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389). curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs (CVE-2012-0036). The updated packages have been patched to correct these issues.

Affected

curl on Mandriva Linux 2011.0, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2011-3389, CVE-2012-0036
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:128 (libmodplug)
Mandrake Security Advisory MDVSA-2009:164 (jasper)
Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)
Mandrake Security Advisory MDVSA-2009:153 (dhcp)

Mandriva Update for curl MDVSA-2012:058 (curl)

Take action and discover your vulnerabilities