Mandriva Linux Security Advisory : curl (MDVSA-2012:058)
High Nessus Plugin ID 58759
The remote Mandriva Linux host is missing one or more security updates.
Multiple vulnerabilities has been found and corrected in curl : curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389). curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs (CVE-2012-0036). The updated packages have been patched to correct these issues.