Debian Security Advisory 3455-1

Debian Security Advisory 3455-1: Posted Jan 27, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3455-1 - Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.; tags | advisory, web; systems | linux, debian; advisories | CVE-2016-0755; SHA-256 | 3620e17695b64ca3c1d71e402b5865252838bb7f40fb0095351f1bce3684e807; Download | Favorite | View

Debian Security Advisory 3455-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3455-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
January 27, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2016-0755

Isaac Boukris discovered that cURL, an URL transfer library, reused
NTLM-authenticated proxy connections without properly making sure that
the connection was authenticated with the same credentials as set for
the new transfer. This could lead to HTTP requests being sent over the
connection authenticated as a different user.

For the stable distribution (jessie), this problem has been fixed in
version 7.38.0-4+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 7.47.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWqLUPAAoJEK+lG9bN5XPLsy4P/3R2RbmDfBUUODkb+1sJlGY5
DJBcPwyy/oGA4RRYDqDUhFPp8vnxSFjud1hsjw0vOq3BPo0Tk8x1nVl7iv2vAvWr
CICXdTIWj1oWjNKD7ZtP69LoPxNMwxYpj5T4dvC+n2yeiTDXxkPrUoucoDVtA45T
VibBgOf/NmsEQDKMjxtjpHEGnyLqcgIKGtmpU7rhKg/V6cG8Uz2Td3AYc/R74h9O
i57rmEaHN62C8a0C9V46X529tuOLw0x5Kz16x1vQcywecI6dxtYtE5MQ2khZvMwA
jD7ibINp0+nLA3pzfi2rNo/0S1SXwlaLCQjEam8olgdwA6oMBPTZXw17pu0S0mmt
YbIWzLosOAYZIonnaPYiLC3PWtEGEeBWIIXR1oBCCOUxHZ9uXAesEaa/gc71J/EF
bUHGU4vUvAm3JHDmYGvfMxF5SuTFjdHAJl1rwCJ8/LZbgAN169cDpYdjm79P/rng
zcovi0qSawaIdKqIeuaSZGiMGvIUmM2HDYV66PvgPVokAy2mawKwdxTaP8sWd++z
WyhtP3xXj/Q3NXHByAUa+91bDwLFpnKVTbIe2SKNLCYrfrSkRTPxpIZV688eftsr
AzwHk4sGkOcsnQ9O3JmS5uY8wxiEUM9TH3AevgwNFFPuW78dHhnn7AhccDnOijzO
F0MGJ6q014k7/oUfHVW9
=l4R6
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 3455-1

Debian Security Advisory 3455-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3455-1

Share This

Debian Security Advisory 3455-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems