
Mandriva Linux Security Advisory 2011-116

Posted Jul 22, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-116 - The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-2192
SHA-256 | 767f06162b545daa7a4c7e9547032580498601a606a596114106c10fe11f863f


_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:116
http://www.mandriva.com/security/
_______________________________________________________________________

Package : curl
Date : July 22, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in curl:

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
through 7.21.6, as used in curl and other products, always performs
credential delegation during GSSAPI authentication, which allows remote
servers to impersonate clients via GSSAPI requests (CVE-2011-2192).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
efa7576a48725c44f2f53eb42e9f5a24 2009.0/i586/curl-7.19.0-2.5mdv2009.0.i586.rpm
51928c0f801f157351f3843f794c2ec9 2009.0/i586/curl-examples-7.19.0-2.5mdv2009.0.i586.rpm
3e8584e39fc7946ffdc4ddd7c0a23b78 2009.0/i586/libcurl4-7.19.0-2.5mdv2009.0.i586.rpm
5b48546182e7323b1b95e3b084a63d1e 2009.0/i586/libcurl-devel-7.19.0-2.5mdv2009.0.i586.rpm
e2ba5684e62b6ad3ed4e2ed8fe974a37 2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
fd13f40cfeba7fab958fdcc3eec98f9c 2009.0/x86_64/curl-7.19.0-2.5mdv2009.0.x86_64.rpm
8078cbc6bdb189e5c105d0eef53f3ad1 2009.0/x86_64/curl-examples-7.19.0-2.5mdv2009.0.x86_64.rpm
e319ecc8e70c0d222ec021c6bf2b884e 2009.0/x86_64/lib64curl4-7.19.0-2.5mdv2009.0.x86_64.rpm
d43e6b3b4caa23d483d4205c19a4127f 2009.0/x86_64/lib64curl-devel-7.19.0-2.5mdv2009.0.x86_64.rpm
e2ba5684e62b6ad3ed4e2ed8fe974a37 2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm

Mandriva Linux 2010.1:
1f3c2a90fb01fcc2719bce3e9645c66b 2010.1/i586/curl-7.20.1-2.1mdv2010.2.i586.rpm
b1c758033beb896b902fa0ba418756b3 2010.1/i586/curl-examples-7.20.1-2.1mdv2010.2.i586.rpm
a8c2de51650c92a409aba918c15697b2 2010.1/i586/libcurl4-7.20.1-2.1mdv2010.2.i586.rpm
650e33c87271d5c4f2e5b698c8de972e 2010.1/i586/libcurl-devel-7.20.1-2.1mdv2010.2.i586.rpm
1488b217fbc0731d77e79540444b54a9 2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
be7a877b6af363e470630d4edd1b65ab 2010.1/x86_64/curl-7.20.1-2.1mdv2010.2.x86_64.rpm
fdea83447b30e83229eda4c4dd9e3eaf 2010.1/x86_64/curl-examples-7.20.1-2.1mdv2010.2.x86_64.rpm
47eb4d21393bc10329bdcc7fed3105ec 2010.1/x86_64/lib64curl4-7.20.1-2.1mdv2010.2.x86_64.rpm
d074056b2ec8e0af34d6fb63de9e9259 2010.1/x86_64/lib64curl-devel-7.20.1-2.1mdv2010.2.x86_64.rpm
1488b217fbc0731d77e79540444b54a9 2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
c1ca16b888b0873a9dfe7b7d62922b7d mes5/i586/curl-7.19.0-2.5mdvmes5.2.i586.rpm
a00a332d35f477c84e9d92fb52f1ec49 mes5/i586/curl-examples-7.19.0-2.5mdvmes5.2.i586.rpm
de1a06a70f3850d1fe4fdf62e355dce1 mes5/i586/libcurl4-7.19.0-2.5mdvmes5.2.i586.rpm
8a1797aca267e5eec1b5ff5da16527a6 mes5/i586/libcurl-devel-7.19.0-2.5mdvmes5.2.i586.rpm
febf373948a2a1caae63d4c0645483e6 mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
1a4bedbbcc5e6c5f58f44bbd70818266 mes5/x86_64/curl-7.19.0-2.5mdvmes5.2.x86_64.rpm
e24a7d74b4967bd4575ca66a09c5c2bf mes5/x86_64/curl-examples-7.19.0-2.5mdvmes5.2.x86_64.rpm
8adb8518393e336ba74ae0ce40ec0ac5 mes5/x86_64/lib64curl4-7.19.0-2.5mdvmes5.2.x86_64.rpm
809213447e1ef7e785960ca354396a18 mes5/x86_64/lib64curl-devel-7.19.0-2.5mdvmes5.2.x86_64.rpm
febf373948a2a1caae63d4c0645483e6 mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
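
A triage check for the issue described above, added here as an example; it is not code from Mandriva or the curl project. It combines the upstream range and the fixed builds listed under "Updated Packages", because a backported fix leaves the upstream version number inside the affected range. The function names, the constructed sample output and the simplified release comparison are assumptions of this example.

```python
import re

AFFECTED = ((7, 10, 6), (7, 21, 6))  # upstream range stated in the advisory
# Minimum fixed release per upstream version, from "Updated Packages".
FIXED_RELEASE = {"7.19.0": (2, 5), "7.20.1": (2, 1)}

# Constructed sample of `curl --version` output (not captured from a real host).
SAMPLE = (
    "curl 7.19.0 (i586-mandriva-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8h\n"
    "Protocols: tftp ftp telnet dict ldap http file https ftps\n"
    "Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz\n"
)


def parse_curl_version(output):
    """Return (version tuple, GSS-Negotiate enabled) from `curl --version`."""
    ver = re.search(r"^curl (\d+)\.(\d+)\.(\d+)", output, re.M)
    if not ver:
        raise ValueError("no curl version line found")
    feats = re.search(r"^Features:(.*)$", output, re.M)
    has_gss = bool(feats) and "GSS-Negotiate" in feats.group(1).split()
    return tuple(map(int, ver.groups())), has_gss


def package_is_patched(nvr):
    """True/False for a listed upstream version, None if no fix is listed."""
    # Assumption: releases look like '2.5mdv2009.0'; only the numeric part
    # before 'mdv' is compared. This is not a full rpm version comparison.
    m = re.fullmatch(r"curl-(\d+(?:\.\d+)+)-(\d+(?:\.\d+)*)mdv\S*", nvr.strip())
    if not m or m.group(1) not in FIXED_RELEASE:
        return None
    release = tuple(int(p) for p in m.group(2).split("."))
    return release >= FIXED_RELEASE[m.group(1)]


def exposure(curl_output, nvr):
    version, has_gss = parse_curl_version(curl_output)
    if not has_gss:
        return "no-gss"            # GSSAPI Negotiate support not compiled in
    if not AFFECTED[0] <= version <= AFFECTED[1]:
        return "outside-range"
    patched = package_is_patched(nvr)
    if patched is None:
        return "verify-manually"   # build not covered by this advisory
    return "patched" if patched else "vulnerable"


if __name__ == "__main__":
    print(exposure(SAMPLE, "curl-7.19.0-2.5mdv2009.0"))
```

Feed it the output of `curl --version` and `rpm -q curl` from the host under review; a "verify-manually" result means the installed build is not one this advisory lists.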
