- ------------------------------------------------------------------------- Debian Security Advisory DSA-3240-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini April 29, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : curl CVE ID : CVE-2015-3153 Debian Bug : It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information. For the stable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u2. For the testing distribution (stretch), this problem will be fixed in version 7.42.1-1. For the unstable distribution (sid), this problem has been fixed in version 7.42.1-1. We recommend that you upgrade your curl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-3240-1: curl security update
April 29, 2015
It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends...
Summary
It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information. For the stable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u2. For the testing distribution (stretch), this problem will be fixed in version 7.42.1-1. For the unstable distribution (sid), this problem has been fixed in version 7.42.1-1. We recommend that you upgrade your curl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian Security Advisory DSA-3240-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini April 29, 2015 https://www.debian.org/security/faq
Severity
Package : curl
CVE ID : CVE-2015-3153
Debian Bug :
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
