Scientific Linux Security Update : curl on SL3.x i386/x86_64
Severity: High
Nessus Plugin ID: 60639
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Scott Cantor reported that cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. (CVE-2009-2417)
All running applications using libcurl must be restarted for the update to take effect.
Solution
Update the affected curl and / or curl-devel packages.