curl URL sanitizing vulnerability
This update of curl disables GSSAPI to workaround
CVE-2011-2192 (bnc#698796).
- Submitted by Adrian Schröter (adrianSuSE)
- Version 5737
Fixed bugs
bnc#698796
VUL-1: curl: inappropriate GSSAPI delegation
CVE#CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI r