[ MDVSA-2015:219 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:219
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : May 4, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 NTLM-authenticated connections could be wrongly reused for requests
 without any credentials set, leading to HTTP requests being sent over
 the connection authenticated as a different user (CVE-2015-3143).
 
 When parsing HTTP cookies, if the parsed cookie's path element consists
 of a single double-quote, libcurl would try to write to an invalid
 heap memory address. This could allow remote attackers to cause a
 denial of service (crash) (CVE-2015-3145).
 
 When doing HTTP re

Leave a Reply