Описание
ELSA-2011-0918: curl security update (MODERATE)
[7.19.7-26.el6_1.1]
- do not delegate GSSAPI credentials (CVE-2011-2192)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
curl
7.15.5-9.el5_6.3
curl-devel
7.15.5-9.el5_6.3
Oracle Linux x86_64
curl
7.15.5-9.el5_6.3
curl-devel
7.15.5-9.el5_6.3
Oracle Linux i386
curl
7.15.5-9.el5_6.3
curl-devel
7.15.5-9.el5_6.3
Oracle Linux 6
Oracle Linux x86_64
curl
7.19.7-26.el6_1.1
libcurl
7.19.7-26.el6_1.1
libcurl-devel
7.19.7-26.el6_1.1
Oracle Linux i686
curl
7.19.7-26.el6_1.1
libcurl
7.19.7-26.el6_1.1
libcurl-devel
7.19.7-26.el6_1.1
Связанные CVE
Связанные уязвимости
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10. ...
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.