Overview

File _patchinfo of Package patchinfo.581

<patchinfo incident="581">
  <issue id="927556" tracker="bnc">VUL-0: CVE-2015-3143: curl: Re-using authenticated connection when unauthenticated</issue>
  <issue id="927607" tracker="bnc">VUL-0: CVE-2015-3145: curl: cookie parser out of boundary memory access</issue>
  <issue id="927608" tracker="bnc">VUL-0: CVE-2015-3144: curl: host name out of boundary memory access</issue>
  <issue id="927746" tracker="bnc">VUL-0: CVE-2015-3148: curl: Negotiate not treated as connection-oriented</issue>
  <issue id="CVE-2015-3143" tracker="cve" />
  <issue id="CVE-2015-3148" tracker="cve" />
  <issue id="CVE-2015-3145" tracker="cve" />
  <issue id="CVE-2015-3144" tracker="cve" />
  <issue tracker="cve" id="CVE-2015-3153"></issue>
  <issue tracker="bnc" id="928533">VUL-1: CVE-2015-3153: curl: sensitive HTTP server headers also sent to proxies</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>curl was updated to fix five security issues.

The following vulnerabilities were fixed:

* CVE-2015-3143: curl could re-use NTML authenticateds connections
* CVE-2015-3144: curl could access memory out of bounds with zero length host names
* CVE-2015-3145: curl cookie parser could access memory out of boundary
* CVE-2015-3148: curl could treat Negotiate as not connection-oriented
* CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies
</description>
  <summary>Security update for curl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places