Updated curl packages fix CVE-2014-8150
Publication date: 09 Jan 2015Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8150
Description
Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL (CVE-2014-8150).
References
SRPMS
4/core
- curl-7.34.0-1.5.mga4