curl 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1250682046
업데이트 : 2009.08.19
상세내용
7.12.1-11.1.el4.1 update
- fixed CVE-2009-2417
CVE-2009-2417:
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
used, does not properly handle a ' ' character in a domain name in
the subject's Common Name (CN) field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification Authority,
a related issue to CVE-2009-2408.
Autoupdates 지원 : 지원
pkgsysupdate
"span class="title">update 패키지
RPMS :
. curl-7.12.1-11.1.el4.1.i686.rpm
. curl-devel-7.12.1-11.1.el4.1.i686.rpm
SRPMS :
. curl-7.12.1-11.1.el4.1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
|