dbg111-curl openSUSE 11.1 curl did not detect embedded null characters in certificate names. By using specially crafted certificates attackers could exploit that to conduct man in the middle attacks (CVE-2009-2417). Note the previous update that was supposed to fix the issue accidentally lacked the actual fix which was corrected this time. curl-debuginfo-7.19.0-11.3.1.i586.rpm curl-debuginfo-7.19.0-11.3.1.ppc.rpm curl-debuginfo-7.19.0-11.3.1.x86_64.rpm curl-debugsource-7.19.0-11.3.1.i586.rpm curl-debugsource-7.19.0-11.3.1.ppc.rpm curl-debugsource-7.19.0-11.3.1.x86_64.rpm