Oval Definition:oval:com.redhat.rhsa:def:20110918
Revision Date:2011-07-05Version:640
Title:RHSA-2011:0918: curl security update (Moderate)
Description:cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

  • It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)

    Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-2192
    CVE-2011-2192
    RHSA-2011:0918
    RHSA-2011:0918-01
    RHSA-2011:0918-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • curl is earlier than 0:7.12.1-17.el4
  • AND curl is signed with Red Hat redhatrelease2 key
  • curl-devel is earlier than 0:7.12.1-17.el4
  • AND curl-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • curl is earlier than 0:7.15.5-9.el5_6.3
  • AND curl is signed with Red Hat redhatrelease2 key
  • curl-devel is earlier than 0:7.15.5-9.el5_6.3
  • AND curl-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • curl is earlier than 0:7.19.7-26.el6_1.1
  • AND curl is signed with Red Hat redhatrelease2 key
  • libcurl is earlier than 0:7.19.7-26.el6_1.1
  • AND libcurl is signed with Red Hat redhatrelease2 key
  • libcurl-devel is earlier than 0:7.19.7-26.el6_1.1
  • AND libcurl-devel is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • curl is earlier than 0:7.12.1-17.el4
  • AND curl is signed with Red Hat master key
  • curl-devel is earlier than 0:7.12.1-17.el4
  • AND curl-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • curl is earlier than 0:7.19.7-26.el6_1.1
  • AND curl is signed with Red Hat redhatrelease2 key
  • libcurl-devel is earlier than 0:7.19.7-26.el6_1.1
  • AND libcurl-devel is signed with Red Hat redhatrelease2 key
  • libcurl is earlier than 0:7.19.7-26.el6_1.1
  • AND libcurl is signed with Red Hat redhatrelease2 key
    • BACK