-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:187
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : curl
Date : September 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:

Updated curl packages fix security vulnerabilities:

In cURL before 7.38.0, libcurl can be fooled into both sending cookies
to the wrong sites and allowing arbitrary sites to set cookies for
others. For this problem to trigger, the client application must use
the numerical IP address in the URL to access the site (CVE-2014-3613).
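
The following is an added illustration, not part of the advisory and not libcurl's code: it shows how a plain suffix comparison of cookie domains mishandles numerical IP addresses, the case behind CVE-2014-3613, next to a stricter rule that requires an exact match for IP literals. The function names and the sample hosts are constructed for this example.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* True if host is a literal IPv4 or IPv6 address rather than a DNS name. */
static bool is_ip_literal(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Naive rule: the cookie domain only has to be a suffix of the host string. */
static bool tailmatch_naive(const char *domain, const char *host)
{
    size_t dl = strlen(domain), hl = strlen(host);
    return dl <= hl && strcasecmp(domain, host + (hl - dl)) == 0;
}

/* Stricter rule: IP literals must match exactly; names must match on a
   label boundary, so "ample.com" does not match "www.example.com". */
static bool tailmatch_strict(const char *domain, const char *host)
{
    size_t dl = strlen(domain), hl = strlen(host);
    if (dl == 0 || dl > hl)
        return false;
    if (is_ip_literal(host))
        return strcasecmp(domain, host) == 0;
    if (strcasecmp(domain, host + (hl - dl)) != 0)
        return false;
    return hl == dl || host[hl - dl - 1] == '.';
}

int main(void)
{
    /* Constructed sample pairs: cookie domain, then request host. */
    const char *cases[][2] = {
        { "168.0.1", "192.168.0.1" },      /* partial IP address */
        { "192.168.0.1", "192.168.0.1" },  /* exact IP address */
        { "example.com", "www.example.com" },
        { "ample.com", "www.example.com" },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-12s vs %-16s naive=%d strict=%d\n", cases[i][0], cases[i][1],
               tailmatch_naive(cases[i][0], cases[i][1]),
               tailmatch_strict(cases[i][0], cases[i][1]));
    return 0;
}
```
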

In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top
Level Domains (TLDs), thus making them apply more broadly than cookies
are allowed to. This can allow arbitrary sites to set cook