MDVSA-2012:058 -- Mandriva curlID: oval:org.secpod.oval:def:302886 | Date: (C)2012-12-20 (M)2024-04-17 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in curl: curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem . curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2011.0 |
Mandriva Linux 2010.1 |