RHSA-2011:0918: curl security update
Description
cURL provides the libcurl library and a command line tool for downloadingfiles from servers using various protocols, including HTTP, FTP, and LDAP.It was found that cURL always performed credential delegation whenauthenticating with GSSAPI. A rogue server could use this flaw to obtainthe client's credentials and impersonate that client to other servers thatare using GSSAPI. (CVE-2011-2192)Users of curl should upgrade to these updated packages, which contain abackported patch to correct this issue. All running applications usinglibcurl must be restarted for the update to take effect.
Solution(s)
- redhat-upgrade-curl
- redhat-upgrade-curl-debuginfo
- redhat-upgrade-curl-devel
- redhat-upgrade-libcurl
- redhat-upgrade-libcurl-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center