Debian Security Advisory 3122-1

Debian Security Advisory 3122-1: Posted Jan 9, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3122-1 - Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in a way that was not intended, or insert additional request headers into the request.; tags | advisory, web; systems | linux, debian; advisories | CVE-2014-8150; SHA-256 | d3f498d62423287cf98e1050abb334473512f390b27d92a81ab8531894c1bc53; Download | Favorite | View

Debian Security Advisory 3122-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3122-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 08, 2015                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2014-8150

Andrey Labunets of Facebook discovered that cURL, an URL transfer
library, fails to properly handle URLs with embedded end-of-line
characters. An attacker able to make an application using libcurl to
access a specially crafted URL via an HTTP proxy could use this flaw to
do additional requests in a way that was not intended, or insert
additional request headers into the request.

For the stable distribution (wheezy), this problem has been fixed in
version 7.26.0-1+wheezy12.

For the upcoming stable distribution (jessie), this problem will be
fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 7.38.0-4.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUrtvYAAoJEAVMuPMTQ89Eav0P/i41/0iYAYeRWzAl0OT2K1PM
m0trJB+hj921OUbXXJ5BeYxVesb51VRh8OKDA/8XRFO4yTG9NaFAbnrz8MQm3RKL
9caUUI9l/kuXguCZFSgx7AzoDjg4yFbv7pXT9fI2IJ0zqldjnEfH8GWT29VvH8G7
yc/7STjYAyxjbC4/bCl4ZD7uZ1hgJrFKBi4byBS/iHr+148yG4uKyPgDM+ne2EYD
RPid3B0NFq00ShdgoZC/hoe/OoJCrePxs8rbha+wIfWejrkkE09d4GT+6cPyAB9G
2fKv2YvPOSji/qAnbDE8XvfOz1L/9HMotxaxfjTbQP4U2XltsOjFJh8kcHy4A8N9
DgX0sq2/3yBNwF/8NKEbzWA/189FcpBom8z2U5kXj/3WOJm2WcnDxeu/77V2s7sO
+Eee1pDb8VacLVJp5PF/Sy/gMq/dKgenM8csBjA8epcxoK9j8/rDoUPSv0gwiEu/
eR1zupll/++dNb46mNmWIiopZDbkgk8qYRrDFAbff4OeoEgIbtSnheQskLcm8pFd
tp/DnB/wSgDpYS05sHBjHPtGMdXMKq7zDZFV0VWYlzVzObQ5i8LwABZJMauMrPW9
gGPXKAUZo7ZI8D5QeFmJZ0MwYx0q9Wgx4kLoM3iFO2ZtW98lYks1135kxrQLiCGi
2Br/qdf5gNsFbo5i3Yow
=T7UY
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 3122-1

Debian Security Advisory 3122-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3122-1

Share This

Debian Security Advisory 3122-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems