Vulnerability CVE-2015-3148: Information
Description
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Severity: MEDIUM (5.0)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
curl | sisyphus | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | p10 | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | p9 | 7.42.0-alt1 | 7.79.0-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | c10f1 | 7.42.0-alt1 | 8.6.0-alt1 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | c9f2 | 7.42.0-alt1 | 8.6.0-alt1 | ALT-PU-2015-1396-1 | 143432 | Fixed |
curl | c7 | 7.56.1-alt1.M70C.1.1 | 7.56.1-alt1.M70C.1.1 | ALT-PU-2018-1442-1 | 202075 | Fixed |
curl | p11 | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
DSA-3232 |
|
http://curl.haxx.se/docs/adv_20150422B.html |
|
USN-2591-1 |
|
FEDORA-2015-6853 |
|
FEDORA-2015-6864 |
|
MDVSA-2015:220 |
|
1032232 |
|
MDVSA-2015:219 | |
FEDORA-2015-6728 |
|
openSUSE-SU-2015:0799 | |
FEDORA-2015-6695 |
|
http://advisories.mageia.org/MGASA-2015-0179.html |
|
APPLE-SA-2015-08-13-2 |
|
https://support.apple.com/kb/HT205031 |
|
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 |
|
HPSBHF03544 |
|
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 | |
GLSA-201509-02 | |
74301 | |
FEDORA-2015-6712 | |
RHSA-2015:1254 |