HP Security Bulletin HPSBMU03112 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking. Revision 1 of this advisory.
c7ee397bfe22743f1104826923b5ce2ee2bca83ffb77b9abc0126c7de3855248
Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.
db468e099ee0183090e4d1c7e60955a697fc5a4848c7ebb9fdb2c66ab4bb731a
Debian Linux Security Advisory 2824-1 - Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.
f55a219a32ddbe9db5c005f18ae0103bf4244fbfe1a1a81408c6f333202d9d95
Ubuntu Security Notice 2058-1 - Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
60e1a170797d874eef066f39fc83ca164b33b2336bbec6186892e9f7263a5944