Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 23: FEDORA-2016-57bebab3b6 moderate: curl NTLM Proxy Issue

fedora
Calendar Grey January 30, 2016
Dist Fedora Esm H88
CVE-2016-0755 pertains to the management of NTLM credentials during proxy interactions in curl. Ensure you update immediately for improved safety!
- match credentials when re-using a proxy connection (CVE-2016-0755)

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- match credentials when re-using a proxy connection (CVE-2016-0755)

Change Log

References


[ 1 ] Bug #1302263 - CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use https://bugzilla.redhat.com/show_bug.cgi?id=1302263

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: curl
Product: Fedora 23
Version: 7.43.0
Release: 5.fc23
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here