Login
Newsletter
Werbung
Sicherheit: Mangelnde Prüfung von Zertifikaten in curl
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in curl
ID: MDVSA-2009:203
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2008.1, Mandriva 2009.0, Mandriva Enterprise Server 5.0
Datum: Sa, 15. August 2009, 18:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
Applikationen: curl

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1250352391-13155-921


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:203
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : curl
 Date    : August 15, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in curl:
 
 lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
 used, does not properly handle a '\0' character in a domain name in
 the subject's Common Name (CN) field of an X.509 certificate, which
 allows man-in-the-middle attackers to spoof arbitrary SSL servers via
 a crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-2417).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 8e2ea8611aefeb2a40d77afd88277fb4 
 2008.1/i586/curl-7.18.0-1.2mdv2008.1.i586.rpm
 c70570c0bb2c329c19bd9317f732623d 
 2008.1/i586/curl-examples-7.18.0-1.2mdv2008.1.i586.rpm
 c2a33e1c57b106a4030abfc8e2d3cc92 
 2008.1/i586/libcurl4-7.18.0-1.2mdv2008.1.i586.rpm
 85220b736085c4ed0d45a5352d70b81e 
 2008.1/i586/libcurl-devel-7.18.0-1.2mdv2008.1.i586.rpm 
 387a18822140e74b895cf64b735a95f1 
 2008.1/SRPMS/curl-7.18.0-1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 8bdfa65ac800bb2444b7bad1319a9ed2 
 2008.1/x86_64/curl-7.18.0-1.2mdv2008.1.x86_64.rpm
 1db03c79d7f77ae66d96100af128a498 
 2008.1/x86_64/curl-examples-7.18.0-1.2mdv2008.1.x86_64.rpm
 d3dc17d25cf42e331775cf3ad9f8011a 
 2008.1/x86_64/lib64curl4-7.18.0-1.2mdv2008.1.x86_64.rpm
 40fe1718975e298ed247ed8184092616 
 2008.1/x86_64/lib64curl-devel-7.18.0-1.2mdv2008.1.x86_64.rpm 
 387a18822140e74b895cf64b735a95f1 
 2008.1/SRPMS/curl-7.18.0-1.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 892828128b099818d440a8407c229f6a 
 2009.0/i586/curl-7.19.0-2.3mdv2009.0.i586.rpm
 d2401c2950c47eb04052c9cd79fbc179 
 2009.0/i586/curl-examples-7.19.0-2.3mdv2009.0.i586.rpm
 421938c204416ad6a226f89cd67ebabb 
 2009.0/i586/libcurl4-7.19.0-2.3mdv2009.0.i586.rpm
 7cb71ef8b449125765efed99af777eda 
 2009.0/i586/libcurl-devel-7.19.0-2.3mdv2009.0.i586.rpm 
 df4a805594f16bfce93b18a6e0777450 
 2009.0/SRPMS/curl-7.19.0-2.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 349b02bbda7eb662997f3183ef6d87c0 
 2009.0/x86_64/curl-7.19.0-2.3mdv2009.0.x86_64.rpm
 9a09d4cb2c0ce21a78363ad7a07dd011 
 2009.0/x86_64/curl-examples-7.19.0-2.3mdv2009.0.x86_64.rpm
 5e9eb5492801e1f31bba4343b25d8d6b 
 2009.0/x86_64/lib64curl4-7.19.0-2.3mdv2009.0.x86_64.rpm
 438a1fb2bc30d993c533ca0ced47581d 
 2009.0/x86_64/lib64curl-devel-7.19.0-2.3mdv2009.0.x86_64.rpm 
 df4a805594f16bfce93b18a6e0777450 
 2009.0/SRPMS/curl-7.19.0-2.3mdv2009.0.src.rpm

 Corporate 3.0:
 1cb682e71b060c3e806651091692f319 
 corporate/3.0/i586/curl-7.11.0-2.4.C30mdk.i586.rpm
 6e86a78de017172c73455f3bcc7be1fd 
 corporate/3.0/i586/libcurl2-7.11.0-2.4.C30mdk.i586.rpm
 49c2a0efd318ee51ac66ab4dacd58d44 
 corporate/3.0/i586/libcurl2-devel-7.11.0-2.4.C30mdk.i586.rpm 
 aeef3de8e19539e1e5cef22a3499cad7 
 corporate/3.0/SRPMS/curl-7.11.0-2.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c36bd07602a95362d5f8096076af96ff 
 corporate/3.0/x86_64/curl-7.11.0-2.4.C30mdk.x86_64.rpm
 94d4e28bf08697f658c9532bc8ef67ed 
 corporate/3.0/x86_64/lib64curl2-7.11.0-2.4.C30mdk.x86_64.rpm
 7ef2d495db13d134014f013379d43093 
 corporate/3.0/x86_64/lib64curl2-devel-7.11.0-2.4.C30mdk.x86_64.rpm 
 aeef3de8e19539e1e5cef22a3499cad7 
 corporate/3.0/SRPMS/curl-7.11.0-2.4.C30mdk.src.rpm

 Corporate 4.0:
 37ca03172a8b502f16a582d139ee3077 
 corporate/4.0/i586/curl-7.14.0-2.4.20060mlcs4.i586.rpm
 4a7453f3ad0959dc987fb7988920fb29 
 corporate/4.0/i586/libcurl3-7.14.0-2.4.20060mlcs4.i586.rpm
 34f9357fdc46b5814d15a0d67ac5c97a 
 corporate/4.0/i586/libcurl3-devel-7.14.0-2.4.20060mlcs4.i586.rpm 
 76b72bc8938fdfc1bd425483a15a75f9 
 corporate/4.0/SRPMS/curl-7.14.0-2.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 688129530500a0cbfd405992da4b9377 
 corporate/4.0/x86_64/curl-7.14.0-2.4.20060mlcs4.x86_64.rpm
 ca17056e48cb81012c5bd7a7d35b8d49 
 corporate/4.0/x86_64/lib64curl3-7.14.0-2.4.20060mlcs4.x86_64.rpm
 51d0e70dd8230538eb484e15b70320b7 
 corporate/4.0/x86_64/lib64curl3-devel-7.14.0-2.4.20060mlcs4.x86_64.rpm 
 76b72bc8938fdfc1bd425483a15a75f9 
 corporate/4.0/SRPMS/curl-7.14.0-2.4.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 a374ff5beddecedf918904a67b208c00  mes5/i586/curl-7.19.0-2.3mdvmes5.i586.rpm
 262a4e29d7c8ef7f451c87b7bc8e2c66 
 mes5/i586/curl-examples-7.19.0-2.3mdvmes5.i586.rpm
 e86cc1febe979624999393b80c846715 
 mes5/i586/libcurl4-7.19.0-2.3mdvmes5.i586.rpm
 ba7da37dd0c8c5e4ea8b94a123ba351c 
 mes5/i586/libcurl-devel-7.19.0-2.3mdvmes5.i586.rpm 
 92e3583395a1ef3e8cd947e4ddded60d  mes5/SRPMS/curl-7.19.0-2.3mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4e66472f996cda47aaad865b7e9a2a9a 
 mes5/x86_64/curl-7.19.0-2.3mdvmes5.x86_64.rpm
 cb61278d082c2d15bdd209189f4eaaea 
 mes5/x86_64/curl-examples-7.19.0-2.3mdvmes5.x86_64.rpm
 231221eeb4a18060b32d0f5dcac2179e 
 mes5/x86_64/lib64curl4-7.19.0-2.3mdvmes5.x86_64.rpm
 5b2fa79ff88f193caaffce7a2fc0b127 
 mes5/x86_64/lib64curl-devel-7.19.0-2.3mdvmes5.x86_64.rpm 
 92e3583395a1ef3e8cd947e4ddded60d  mes5/SRPMS/curl-7.19.0-2.3mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 d9faa6984ea90caba24d8dd4924bde9c  mnf/2.0/i586/curl-7.11.0-2.4.C30mdk.i586.rpm
 93742023ff49d812df74fe370370b0c5 
 mnf/2.0/i586/libcurl2-7.11.0-2.4.C30mdk.i586.rpm
 17709107a56bbee9b5bbee8e19354dc9 
 mnf/2.0/i586/libcurl2-devel-7.11.0-2.4.C30mdk.i586.rpm 
 9765888e1bffb0ebd83d1ec71574de2b  mnf/2.0/SRPMS/curl-7.11.0-2.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKhq5AmqjQ0CJFipgRAkEjAKC6q4dguKEvsveWuP/zFZO2cki0MgCfSOef
0Y5QKEEUwQ/yEEgINNXRvIA=
=43oN
-----END PGP SIGNATURE-----


------------=_1250352391-13155-921
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1250352391-13155-921--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung