DSA-2398-2 curl -- regressionID: oval:org.secpod.oval:def:600772 | Date: (C)2012-04-03 (M)2024-04-17 |
Class: PATCH | Family: unix |
cURL is a command-line tool and library for transferring data with URL syntax. It was discovered that the countermeasures against the Dai/Rogaway chosen-plaintext attack on SSL/TLS cause interoperability issues with some server implementations. This update ads the the CURLOPT_SSL_OPTIONS and CURLSSLOPT_ALLOW_BEAST options to the library, and the - --ssl-allow-beast option to the "curl" program.