curl 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1239727694
업데이트 : 2009.04.15
상세내용
1.3.4-60.2 update
- fixed CVE-2009-0037
CVE-2009-0037:
David Kierznowski discovered a flaw in libcurl where it would not
differentiate between different target URLs when handling automatic
redirects. This caused libcurl to follow any new URL that it understood,
including the "file://" URL type. This could allow a remote server to force
a local libcurl-using application to read a local file instead of the
remote one, possibly exposing local files that were not meant to be
exposed.
Autoupdates 지원 : Packages System
pkgadd -F "curl*"
"span class="title">update 패키지
RPMS :
. curl-7.12.1-11.1.i686.rpm
. curl-devel-7.12.1-11.1.i686.rpm
SRPMS :
. curl-7.12.1-11.1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
|