Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2015:10166

Overview

Id SUSE-2015:10166
Name Novell SUSE 2015:10166 curl-201501 security update for SLE 11 SP3 i586
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 13 Jan 2015 12:00:00

SUSE-2015:10166

Novell SUSE 2015:10166 curl-201501 security update for SLE 11 SP3 i586

Vendor Name

novell

Product

None

Released On

13 Jan 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
This update fixes the following security issues: * CVE-2014-8150: URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. * CVE-2014-3707: duphandle read out of bounds (bnc#901924) * CVE-2014-3613: libcurl cookie leaks (bnc#894575) Additional bug fixed: * curl_multi_remove_handle: don't crash on multiple removes (bnc#897816) Security Issues: * CVE-2014-8150 * CVE-2014-3613 * CVE-2014-3707

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:20:35