Scientific Linux Security Update : curl on SL5.x, SL6.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against
libcurl sending the wrong cookie if only part of the domain name
matched the domain associated with the cookie, disclosing the cookie
to unrelated hosts. (CVE-2013-1944)

All running applications using libcurl must be restarted for the
update to take effect.

See also :

http://www.nessus.org/u?09980e0e

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 66226 ()

Bugtraq ID:

CVE ID: CVE-2013-1944