Updated curl package fixes security vulnerabilityPublication date: 05 Jul 2015
Affected Mageia releases : 5
CVE: CVE-2015-3236 , CVE-2015-3237
libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests (CVE-2015-3236). libcurl can get tricked by a malicious SMB server to send off data it did not intend to. A malicious SMB server can use this to access arbitrary process memory, or to crash the client, causing a denial of service (CVE-2015-3237).