[ MDVSA-2015:021 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:021
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerability:
 
 When libcurl sends a request to a server via a HTTP proxy, it copies
 the entire URL into the request and sends if off. If the given URL
 contains line feeds and carriage returns those will be sent along to
 the proxy too, which allows the program to for example send a separate
 HTTP request injected embedded in the URL (CVE-2014-8150).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-

007 Software

[ MDVSA-2015:021 ] curl

Leave a Reply Cancel reply

Software and Security Information