Scientific Linux Security Update : curl on SL4.x, SL5.x, SL6.x i386/x86_64
Severity: Medium
Nessus Plugin ID: 61078

Synopsis
The remote Scientific Linux host is missing one or more security updates.

Description
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)
All running applications using libcurl must be restarted for the update to take effect.

Solution
Update the affected packages.
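
To verify the restart requirement in the description once the packages are updated, the following shell function lists processes that still map a libcurl file that has since been replaced on disk. It is an added example, not part of the advisory: the function name `stale_libcurl_pids` and its optional proc-root argument are assumptions, and it relies on Linux marking mapped files that have been unlinked as "(deleted)" in /proc/PID/maps.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still have the
# pre-update libcurl mapped. When a package update replaces a shared library,
# the old file is unlinked, and every process that still maps it shows the
# path with a trailing "(deleted)" in /proc/PID/maps until it is restarted.
#
# stale_libcurl_pids [PROC_ROOT]
#   PROC_ROOT is a hypothetical parameter that defaults to /proc, so the
#   function can also be pointed at a copied or constructed proc tree.
#   Prints one "PID NAME" line per process that needs a restart.
stale_libcurl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip an unmatched glob and processes that exited mid-scan.
        [ -r "$maps" ] || continue
        # Only libcurl mappings whose backing file is gone count as stale;
        # a mapping of the current on-disk library has no "(deleted)" suffix.
        if grep -Eq 'libcurl\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # The Name: field of /proc/PID/status holds the command name.
            name="$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null | head -n 1)"
            [ -n "$name" ] || name="unknown"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system when run directly; an empty result means no running
# process is still using the old library.
stale_libcurl_pids "$@"
```

Run it as root so that the maps files of processes owned by other users are readable.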