Security update for curl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0799-1 Final 1 1 2015-04-22T10:43:07Z current 2015-04-22T10:43:07Z 2015-04-22T10:43:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl curl was updated to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-3143: curl could re-use NTML authenticateds connections * CVE-2015-3144: curl could access memory out of bounds with zero length host names * CVE-2015-3145: curl cookie parser could access memory out of boundary * CVE-2015-3148: curl could treat Negotiate as not connection-oriented The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html E-Mail link for openSUSE-SU-2015:0799-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings curl-7.42.0-2.38.1 libcurl-devel-7.42.0-2.38.1 libcurl4-7.42.0-2.38.1 libcurl4-32bit-7.42.0-2.38.1 cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html https://www.suse.com/security/cve/CVE-2015-3143.html CVE-2015-3143 https://bugzilla.suse.com/927556 SUSE Bug 927556 The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." CVE-2015-3144 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html https://www.suse.com/security/cve/CVE-2015-3144.html CVE-2015-3144 https://bugzilla.suse.com/927608 SUSE Bug 927608 https://bugzilla.suse.com/951391 SUSE Bug 951391 The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. CVE-2015-3145 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html https://www.suse.com/security/cve/CVE-2015-3145.html CVE-2015-3145 https://bugzilla.suse.com/927607 SUSE Bug 927607 cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html https://www.suse.com/security/cve/CVE-2015-3148.html CVE-2015-3148 https://bugzilla.suse.com/1092962 SUSE Bug 1092962 https://bugzilla.suse.com/927746 SUSE Bug 927746