Lucene search
OracleLinuxELSA-2015-2159HistoryNov 23, 2015 - 12:00 a.m.
curl security, bug fix, and enhancement update
2015-11-2300:00:00
linux.oracle.com
20
0.013 Low
EPSS
Percentile
84.5%
[7.29.0-25.0.1]
- disable check to make build pass
[7.29.0-25] - fix spurious failure of test 1500 on ppc64le (#1218272)
[7.29.0-24] - use the default min/max TLS version provided by NSS (#1170339)
- improve handling of timeouts and blocking direction to speed up FTP (#1218272)
[7.29.0-23] - require credentials to match for NTLM re-use (CVE-2015-3143)
- close Negotiate connections when done (CVE-2015-3148)
[7.29.0-22] - reject CRLFs in URLs passed to proxy (CVE-2014-8150)
[7.29.0-21] - use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
[7.29.0-20] - eliminate unnecessary delay when resolving host from /etc/hosts (#1130239)
- allow to enable/disable new AES cipher-suites (#1066065)
- call PR_Cleanup() on curl tool exit if NSPR is used (#1071254)
- implement non-blocking TLS handshake (#1091429)
- fix limited connection re-use for unencrypted HTTP (#1101092)
- disable libcurl-level downgrade to SSLv3 (#1154060)
- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161182)
- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1166264)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | curl | < 7.29.0-25.0.1.el7 | curl-7.29.0-25.0.1.el7.src.rpm |
| oracle linux | 7 | x86_64 | curl | < 7.29.0-25.0.1.el7 | curl-7.29.0-25.0.1.el7.x86_64.rpm |
| oracle linux | 7 | i686 | libcurl | < 7.29.0-25.0.1.el7 | libcurl-7.29.0-25.0.1.el7.i686.rpm |
| oracle linux | 7 | x86_64 | libcurl | < 7.29.0-25.0.1.el7 | libcurl-7.29.0-25.0.1.el7.x86_64.rpm |
| oracle linux | 7 | i686 | libcurl-devel | < 7.29.0-25.0.1.el7 | libcurl-devel-7.29.0-25.0.1.el7.i686.rpm |
| oracle linux | 7 | x86_64 | libcurl-devel | < 7.29.0-25.0.1.el7 | libcurl-devel-7.29.0-25.0.1.el7.x86_64.rpm |
Related
redhat
redhat
(RHSA-2015:2159) Moderate: curl security, bug fix, and enhancement update
2015-11-19 14:41:12
(RHSA-2015:1254) Moderate: curl security, bug fix, and enhancement update
2015-07-22 05:29:46
(RHSA-2017:0847) Moderate: curl security update
2017-03-29 05:37:28
nessus
nessus
RHEL 6 : curl (RHSA-2015:1254)
2015-07-22 00:00:00
Scientific Linux Security Update : curl on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)
2015-08-04 00:00:00
openvas
openvas
RedHat Update for curl RHSA-2015:2159-06
2015-11-20 00:00:00
RedHat Update for curl RHSA-2015:1254-02
2015-07-23 00:00:00
Oracle: Security Advisory (ELSA-2015-1254)
2015-10-06 00:00:00
oraclelinux
oraclelinux
curl security, bug fix, and enhancement update
2015-07-28 00:00:00
centos
centos
curl, libcurl security update
2015-07-26 14:12:23
curl, libcurl security update
2015-11-30 19:26:37
veracode
veracode
CRLF Injection
2019-05-02 05:40:50
Authentication Bypass
2018-05-16 08:57:04
Cookie Leak
2019-01-15 09:06:32
ibm
ibm
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection
2018-06-16 21:30:39
Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM
2018-06-18 01:30:31
f5
f5
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-curl-7.42.0-1.fc21
2015-05-04 15:28:35
[SECURITY] Fedora 22 Update: mingw-curl-7.42.0-1.fc22
2015-05-01 16:51:59
[SECURITY] Fedora 21 Update: curl-7.37.0-14.fc21
2015-05-02 18:11:42
amazon
amazon
Medium: curl
2015-02-11 19:36:00
Medium: curl
2015-04-22 16:14:00
debian
debian
[SECURITY] [DLA 211-1] curl security update
2015-04-29 20:42:59
[SECURITY] [DSA 3232-1] curl security update
2015-04-22 12:08:24
[SECURITY] [DLA 134-1] curl security update
2015-01-15 21:10:23
osv
osv
curl - security update
2015-04-29 00:00:00
curl - security update
2015-04-22 00:00:00
curl - security update
2015-01-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:220 ] curl
2015-05-04 00:00:00
[ MDVSA-2015:021 ] curl
2015-01-13 00:00:00
libCurl headers injection
2015-01-13 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2015-05-03 03:19:16
Updated curl packages fix CVE-2014-8150
2015-01-09 19:44:12
Updated curl packages fix security vulnerabilities
2014-09-24 20:44:28
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.42.0-alt1
2015-04-22 00:00:00
kaspersky
kaspersky
KLA10566 Multiple vulnerabilities in cURL
2015-04-24 00:00:00
prion
prion
Crlf injection
2015-01-15 15:59:00
Code injection
2014-11-18 15:59:00
Cross site request forgery (csrf)
2015-04-24 14:59:00
cve
cve
hackerone
hackerone
Internet Bug Bounty: libcurl: URL request injection
2014-12-25 00:00:00
Internet Bug Bounty: libcurl duphandle read out of bounds
2015-09-16 00:00:00
debiancve
debiancve
freebsd
freebsd
cURL -- URL request injection vulnerability
2014-12-25 00:00:00
asterisk -- Mitigation for libcURL HTTP request injection vulnerability
2015-01-12 00:00:00
archlinux
archlinux
curl: url request injection
2015-01-18 00:00:00
curl: multiple issues
2015-04-24 00:00:00
curl: out-of-bounds read
2014-11-11 00:00:00
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Web Server HTTP Request URL Injection (CVE-2014-8150)
2016-08-28 00:00:00
ubuntu
ubuntu
curl vulnerability
2015-01-15 00:00:00
curl vulnerabilities
2015-04-30 00:00:00
curl vulnerability
2014-11-10 00:00:00
slackware
slackware
[slackware-security] curl
2015-10-29 22:48:27
gentoo
gentoo
cURL: Multiple vulnerabilities
2015-09-24 00:00:00