rPath Security Advisory: 2009-0124-1 Published: 2009-08-24 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Indirect Deterministic Weakness Updated Versions: curl=conary.rpath.com@rpl:1/7.15.3-1.4-1 curl=conary.rpath.com@rpl:2/7.17.0-2.2-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-3112 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 Description: Previous versions of the curl package do not properly validate X.509 certificates with NULL bytes in the domain name portion of the Common Name field, which can allow man-in-the-middle attacks which spoof arbitrary SSL servers by presenting crafted certificates signed by legitimate certification authorities. http://wiki.rpath.com/Advisories:rPSA-2009-0124 Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html