Description
Security update for curl
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following non-security bugs were fixed:
- boo#936676: secure_getenv or __secure_getenv may not be detected correctly at build time
The following tracked bugs only affect the test suite:
- boo#962996: Expired cookie in test 46 caused test failures
- boo#934333: Curl test suite was not run, is now enabled during build
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.1
curl-7.37.0-7.1
libcurl-devel-7.37.0-7.1
libcurl-devel-32bit-7.37.0-7.1
libcurl4-7.37.0-7.1
libcurl4-32bit-7.37.0-7.1
References
- E-Mail link for openSUSE-SU-2016:0360-1
- SUSE Security Ratings
Description
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Affected products
openSUSE Leap 42.1:curl-7.37.0-7.1
openSUSE Leap 42.1:libcurl-devel-32bit-7.37.0-7.1
openSUSE Leap 42.1:libcurl-devel-7.37.0-7.1
openSUSE Leap 42.1:libcurl4-32bit-7.37.0-7.1
References
- CVE-2016-0755
- SUSE Bug 962983