User: Password:
Subscribe / Log in / New account

curl: information disclosure

Package(s):curl CVE #(s):CVE-2014-0015
Created:January 31, 2014 Updated:February 24, 2014

From the Debian advisory:

Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.

Arch Linux ASA-201504-28 curl 2015-04-24
Mandriva MDVSA-2015:098 curl 2015-03-28
Scientific Linux SLSA-2014:0561-1 curl 2014-05-27
Oracle ELSA-2014-0561 curl 2014-05-27
CentOS CESA-2014:0561 curl 2014-05-28
Red Hat RHSA-2014:0561-01 curl 2014-05-27
Mandriva MDVSA-2014:110 curl 2014-06-10
Mageia MGASA-2014-0153 curl 2014-04-03
openSUSE openSUSE-SU-2014:0274-1 curl 2014-02-21
openSUSE openSUSE-SU-2014:0267-1 curl 2014-02-21
Ubuntu USN-2097-1 curl 2014-02-03
Debian DSA-2849-1 curl 2014-01-31
Fedora FEDORA-2014-1864 curl 2014-02-15
Slackware SSA:2014-044-01 curl 2014-02-13
Fedora FEDORA-2014-1876 curl 2014-02-03

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds