[ MDVSA-2015:220 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:220
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 NTLM-authenticated connections could be wrongly reused for requests
 without any credentials set, leading to HTTP requests being sent over
 the connection authenticated as a different user (CVE-2015-3143).
 
 When doing HTTP requests using the Negotiate authentication
 method along with NTLM, the connection used would not be marked
 as authenticated, making it possible to reuse it and send requests
 for one user over the connection authenticated as a different user
 (CVE-2015-3148).
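
The reuse decision behind CVE-2015-3143, as an added example that is not curl's code or part of the advisory: a simplified C model of a connection pool check, with the flawed and hardened versions side by side. The struct and function names and the sample host and users are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (hypothetical types, not curl's). NTLM authenticates the
   connection itself, so the pool must remember who it belongs to. */
struct conn { const char *host; bool authed; const char *user; };
/* user == NULL means the request has no credentials set. */
struct request { const char *host; const char *user; };

static bool same(const char *a, const char *b)
{
    return a && b && strcmp(a, b) == 0;
}

/* Flawed: credentials are compared only when the request carries some, so a
   credential-less request matches a connection authenticated as another user. */
bool can_reuse_flawed(const struct conn *c, const struct request *r)
{
    if (!same(c->host, r->host))
        return false;
    if (c->authed && r->user)
        return same(c->user, r->user);
    return true;
}

/* Hardened: an authenticated connection is reused only for the same identity.
   This relies on `authed` being set once authentication completes; a
   connection left unmarked would still be shared. */
bool can_reuse_hardened(const struct conn *c, const struct request *r)
{
    if (!same(c->host, r->host))
        return false;
    if (c->authed)
        return same(c->user, r->user);
    return true;
}

int main(void)
{
    /* Constructed sample data: one pooled connection authenticated as alice. */
    struct conn pooled = { "intranet.example", true, "alice" };
    struct request reqs[] = { { "intranet.example", NULL },
        { "intranet.example", "bob" }, { "intranet.example", "alice" } };
    for (int i = 0; i < 3; i++)
        printf("%-5s flawed=%d hardened=%d\n", reqs[i].user ? reqs[i].user : "none",
               can_reuse_flawed(&pooled, &reqs[i]), can_reuse_hardened(&pooled, &reqs[i]));
    return 0;
}
```

The unmarked-connection caveat in the hardened check corresponds to the condition the advisory describes for CVE-2015-3148, where the connection "would not be marked as authenticated".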
