Oracle Linux 6 / 7 : curl (ELSA-2019-4652)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4652 advisory. - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password compariso...

Amazon Linux AMI : curl (ALAS-2016-766)

This build resolves the following issues : CVE-2016-8615 : Cookie injection for other servers CVE-2016-8616 : Case insensitive password comparison CVE-2016-8617 : Out-of-bounds write via unchecked multiplication CVE-2016-8618 : Double-free in curlmaprintf CVE-2016-8619 : Double-free in krb5 code...

case insensitive password comparison

When reusing a connection, curl was doing case insensitive comparisons of username and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be...

CURL-CVE-2016-8616 case insensitive password comparison

When reusing a connection, curl was doing case insensitive comparisons of username and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be...

Security fix for the ALT Linux 8 package curl version 7.51.0-alt1

Nov. 2, 2016 Anton Farygin 7.51.0-alt1 - new version with security fixes: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curlmaprintf CVE-2016-8619: double-fr...