libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests (CVE-2015-3236). libcurl can get tricked by a malicious SMB server to send off data it did not intend to. A malicious SMB server can use this to access arbitrary process memory, or to crash the client, causing a denial of service (CVE-2015-3237).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | curl | <Â 7.40.0-3.1 | curl-7.40.0-3.1.mga5 |