Advisories ยป MGASA-2015-0263

Updated curl package fixes security vulnerability

Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-3236 , CVE-2015-3237


libcurl can wrongly send HTTP credentials when re-using connections. Even
if the handle for an HTTP connection is reset, it retains the credentials,
which can cause them to be unintentionally leaked in subsequent requests

libcurl can get tricked by a malicious SMB server to send off data it did
not intend to. A malicious SMB server can use this to access arbitrary
process memory, or to crash the client, causing a denial of service