ALT-PU-2015-1396-1

Обновление пакета curl в ветке sisyphus

Версия7.42.0-alt1

Задание#143432

Опубликовано2015-04-22

Макс. серьёзностьCRITICAL

Серьёзность:

Закрытые проблемы (4)

MEDIUM5.0

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

Опубликовано: 2015-04-24Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

Ссылки

CRITICAL9.0

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

Опубликовано: 2015-04-24Изменено: 2025-04-12

CVSS 2.0КРИТИЧЕСКАЯ 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

Ссылки

HIGH7.5

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Опубликовано: 2015-04-24Изменено: 2025-04-12

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ссылки

MEDIUM5.0

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Опубликовано: 2015-04-24Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

Ссылки