Lucene search

K
mageiaGentoo FoundationMGASA-2015-0020
HistoryJan 09, 2015 - 7:44 p.m.

Updated curl packages fix CVE-2014-8150

2015-01-0919:44:12
Gentoo Foundation
advisories.mageia.org
16

0.005 Low

EPSS

Percentile

77.3%

Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL (CVE-2014-8150).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchcurl< 7.34.0-1.5curl-7.34.0-1.5.mga4