CentOS Update For Curl CESA-2011:0918 Centos5 X86_64 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192) Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

Affected

curl on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2011-July/017642.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2192

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1463 (newt)
CentOS Update for apr CESA-2011:0844 centos4 i386
CentOS Update for 389-ds-base CESA-2014:1031 centos7
CentOS Security Advisory CESA-2009:0057 (squirrelmail)
CentOS Security Advisory CESA-2009:1528 (samba)

CentOS Update for curl CESA-2011:0918 centos5 x86_64

Take action and discover your vulnerabilities