Slackware-10.0 ChangeLog (2009-08-14)

Fri Aug 14 13:42:26 CDT 2009

patches/packages/curl-7.12.2-i486-4_slack10.0.tgz
This update fixes a security issue where a zero byte embedded in an SSL
or TLS certificate could fool cURL into validating the security of a
connection to a system that the certificate was not issued for. It has
been reported that at least one Certificate Authority allowed such
certificates to be issued.
For more information, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
(* Security fix *)
  • news/2009/08/14/slackware-10.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi