Description
Security update for curl
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following non-security bugs were fixed:
- bsc#926511: Check for errors on the control connection during FTP transfers
The following tracked bugs only affect the test suite:
- bsc#962996: Expired cookie in test 46 caused test failures
Package list
SUSE Linux Enterprise Desktop 11 SP3
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
SUSE Linux Enterprise Desktop 11 SP4
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
SUSE Linux Enterprise Server 11 SP3
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
libcurl4-x86-7.19.7-1.46.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
libcurl4-x86-7.19.7-1.46.1
SUSE Linux Enterprise Server 11 SP4
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
libcurl4-x86-7.19.7-1.46.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
libcurl4-x86-7.19.7-1.46.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
curl-7.19.7-1.46.1
libcurl4-7.19.7-1.46.1
libcurl4-32bit-7.19.7-1.46.1
libcurl4-x86-7.19.7-1.46.1
SUSE Linux Enterprise Software Development Kit 11 SP3
libcurl-devel-7.19.7-1.46.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libcurl-devel-7.19.7-1.46.1
References
- Link for SUSE-SU-2016:0347-1
- E-Mail link for SUSE-SU-2016:0347-1
- SUSE Security Ratings
- SUSE Bug 926511
- SUSE Bug 962983
- SUSE Bug 962996
- SUSE CVE CVE-2016-0755 page
Description
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1
SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.46.1
SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1
SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1
References
- CVE-2016-0755
- SUSE Bug 962983