Mandriva Linux Security Advisory : curl (MDVSA-2011:116)
Medium Nessus Plugin ID 55664
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in curl :
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests (CVE-2011-2192).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.