MDVSA-2011:116 -- Mandriva curlID: oval:org.secpod.oval:def:301044 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
A vulnerability was discovered and corrected in curl: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |