New Search

SUSE-SU-2015:0990-1 -- Security update for curl (moderate)

oval:org.mitre.oval:def:29165

curl was updated to fix five security issues. The following vulnerabilities were fixed: * CVE-2015-3143: curl could re-use NTML authenticateds connections * CVE-2015-3144: curl could access memory out of bounds with zero length host names * CVE-2015-3145: curl cookie parser could access memory out of boundary * CVE-2015-3148: curl could treat Negotiate as not connection-oriented * CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies

Family:
unix
Status:
ACCEPTED
Platform(s):
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Desktop 12
Class:
patch
Reference(s):
  • SUSE-SU-2015:0990-1
  • CVE-2015-3143
  • CVE-2015-3144
  • CVE-2015-3145
  • CVE-2015-3148
  • CVE-2015-3153
Product(s):
  • curl