Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 557
Alerts This Week
Warning Icon 1 557

Fedora 22: 2016-3fa315a5dd Critical: Curl Proxy Credential Issue

fedora
Calendar Grey February 2, 2016
Dist Fedora Esm H88
The latest Fedora 22 update rectifies a vulnerability in curl related to the management of credentials when connecting through a proxy, identified as CVE-2016-0755.
- match credentials when re-using a proxy connection (CVE-2016-0755)

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- match credentials when re-using a proxy connection (CVE-2016-0755)

Change Log

References


[ 1 ] Bug #1302263 - CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use https://bugzilla.redhat.com/show_bug.cgi?id=1302263

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: curl
Product: Fedora 22
Version: 7.40.0
Release: 8.fc22
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.