Alerts This Week
659

Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


openSUSE curl Important Connection Credential Leak Fix SUSE-SU-2026-1940-1

# Security update for curl

Announcement ID: SUSE-SU-2026:1940-1
Release Date: 2026-05-18T07:44:21Z
Rating: important

References:

* bsc#1259362
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638

Cross-References:

* CVE-2026-1965
* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-4873 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-5545 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6253 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6276 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6429 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1940=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1940=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1940=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * curl-mini-debugsource-8.14.1-150600.4.43.1
  * curl-8.14.1-150600.4.43.1
  * libcurl-mini4-debuginfo-8.14.1-150600.4.43.1
  * libcurl4-debuginfo-8.14.1-150600.4.43.1
  * curl-debuginfo-8.14.1-150600.4.43.1
  * libcurl-mini4-8.14.1-150600.4.43.1
  * libcurl-devel-8.14.1-150600.4.43.1
  * curl-debugsource-8.14.1-150600.4.43.1
  * libcurl4-8.14.1-150600.4.43.1
* openSUSE Leap 15.6 (noarch)
  * curl-zsh-completion-8.14.1-150600.4.43.1
  * libcurl-devel-doc-8.14.1-150600.4.43.1
  * curl-fish-completion-8.14.1-150600.4.43.1
* openSUSE Leap 15.6 (x86_64)
  * libcurl4-32bit-8.14.1-150600.4.43.1
  * libcurl-devel-32bit-8.14.1-150600.4.43.1
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.43.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libcurl4-64bit-debuginfo-8.14.1-150600.4.43.1
  * libcurl-devel-64bit-8.14.1-150600.4.43.1
  * libcurl4-64bit-8.14.1-150600.4.43.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * curl-8.14.1-150600.4.43.1
  * libcurl4-debuginfo-8.14.1-150600.4.43.1
  * curl-debuginfo-8.14.1-150600.4.43.1
  * libcurl-devel-8.14.1-150600.4.43.1
  * curl-debugsource-8.14.1-150600.4.43.1
  * libcurl4-8.14.1-150600.4.43.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libcurl4-32bit-8.14.1-150600.4.43.1
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * curl-8.14.1-150600.4.43.1
  * libcurl4-debuginfo-8.14.1-150600.4.43.1
  * curl-debuginfo-8.14.1-150600.4.43.1
  * libcurl-devel-8.14.1-150600.4.43.1
  * curl-debugsource-8.14.1-150600.4.43.1
  * libcurl4-8.14.1-150600.4.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libcurl4-32bit-8.14.1-150600.4.43.1
  * libcurl4-32bit-debuginfo-8.14.1-150600.4.43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1262631
* https://bugzilla.suse.com/show_bug.cgi?id=1262632
* https://bugzilla.suse.com/show_bug.cgi?id=1262635
* https://bugzilla.suse.com/show_bug.cgi?id=1262636
* https://bugzilla.suse.com/show_bug.cgi?id=1262638

Severity: Important. LinuxSecurity.com Team

May 18, 2026 Important OpenSUSE

Mageia 9 MGASA-2025-0016: Critical Git Credential Issues Addressed

MGASA-2025-0016 - Updated git packages fix security vulnerabilities

Publication date: 20 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0016.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50349, CVE-2024-52006

Git does not sanitize URLs when asking for credentials interactively. (CVE-2024-50349)
Newline confusion in credential helpers can lead to credential exfiltration in git. (CVE-2024-52006)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33921
- https://www.openwall.com/lists/oss-security/2025/01/14/4
- https://www.cve.org/CVERecord?id=CVE-2024-50349
- https://www.cve.org/CVERecord?id=CVE-2024-52006

SRPMS:
- 9/core/git-2.41.3-1.mga9

Severity: Critical. LinuxSecurity.com Team

Jan 20, 2025 Critical Mageia

Fedora 36: 2022-3517572083 Moderate: Curl Connection Security Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-3517572083
2022-05-07 04:08:14.318757
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 36
Version     : 7.82.0
Release     : 4.fc36
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

--------------------------------------------------------------------------------
ChangeLog:

* Mon May 2 2022 Kamil Dudka - 7.82.0-4
- fix leak of SRP credentials in redirects (CVE-2022-27774)
* Thu Apr 28 2022 Kamil Dudka - 7.82.0-3
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2079167 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2079167
  [ 2 ] Bug #2079169 - CVE-2022-27774 curl: credential leak on redirect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2079169
  [ 3 ] Bug #2079171 - CVE-2022-27775 curl: bad local IPv6 connection reuse [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2079171
  [ 4 ] Bug #2079174 - CVE-2022-27776 curl: auth/cookie leak on redirect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2079174

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3517572083' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Severity: Important. LinuxSecurity.com Team

May 07, 2022 Important Fedora

Mageia 7: 2020-0181 Moderate: Git Credential Exposure via Malicious URLs

MGASA-2020-0181 - Updated git packages fix security vulnerability

Publication date: 24 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0181.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-11008

Updated git packages fix security vulnerability:

Malicious URLs can still cause Git to send a stored credential to the wrong server (CVE-2020-11008).

With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted.

Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter).

The attack has been made impossible by refusing to work with under-specified credential patterns.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26516
- https://www.openwall.com/lists/oss-security/2020/04/20/1
- https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
- https://www.cve.org/CVERecord?id=CVE-2020-11008

SRPMS:
- 7/core/git-2.21.3-1.mga7

Severity: Important. LinuxSecurity.com Team

Apr 24, 2020 Important Mageia

Debian: DLA-1863-1 Moderate: ptrace Credential Management Security Flaw

Package        : linux-4.9
Version        : 4.9.168-1+deb9u4~deb8u1
CVE ID         : CVE-2019-13272

Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.

For Debian 8 "Jessie", this problem has been fixed in version 4.9.168-1+deb9u4~deb8u1.

We recommend that you upgrade your linux-4.9 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

Severity: Important. LinuxSecurity.com Team

Jul 23, 2019 Important Debian LTS

Fedora 26 MyProxy Security Update: Key Enhancements and Fixes

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-0eea793538
2017-07-14 11:45:23.814507
--------------------------------------------------------------------------------

Name        : myproxy
Product     : Fedora 26
Version     : 6.1.28
Release     : 1.fc26
URL         : /
Summary     : Manage X.509 Public Key Infrastructure (PKI) security credentials
Description :
MyProxy is open source software for managing X.509 Public Key Infrastructure (PKI) security credentials (certificates and private keys). MyProxy combines an online credential repository with an online certificate authority to allow users to securely obtain credentials when and where needed. Users run myproxy-logon to authenticate and obtain credentials, including trusted CA certificates and Certificate Revocation Lists (CRLs).

--------------------------------------------------------------------------------
Update Information:

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public handle (9.26)
* Prevent some race conditions (9.27)

globus-gram-client
* GT6 update

globus-gram-job-manager
* Default to running personal gatekeeper on an ephemeral port

globus-gram-job-manager-condor
* Make noarch build arch independent

globus-gridftp-server
* New error message format (12.0)
* Configuration database (12.0)
* Better delay for end of session ref check (12.1)
* Fix tests when getgroups() does not return effective gid (12.2)

globus-gssapi-gsi
* Don't unlock unlocked mutex (12.14)
* Remove legacy SSLv3 support (12.15)
* Test fixes (12.16/12.17)
* Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14)

globus-io
* Remove legacy SSLv3 support

globus-net-manager
* Fix .pc typo
* Drop patch globus-net-manager-pkgconfig.patch (fixed upstream)

globus-xio
* Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15)
* Fix crash in error handling in http driver (5.16)

globus-xio-gsi-driver
* Fix crash when checking for anonymous GSS name when name comparison fails

globus-xio-pipe-driver
* Fix .pc typo

globus-xio-udt-driver
* Don't force --static flag to pkg-config
* Drop some BuildRequires no longer needed with above change
* Fix undefined symbols during linking

myproxy
* Fix error check (6.1.26)
* Remove legacy SSLv3 support (6.1.27)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade myproxy' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

LinuxSecurity.com Team

Jul 14, 2017 Fedora

Fedora 25 MyProxy Security Update: Critical Improvements and Fixes

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-7591a8e2c9
2017-07-03 18:56:35.537627
--------------------------------------------------------------------------------

Name        : myproxy
Product     : Fedora 25
Version     : 6.1.28
Release     : 1.fc25
URL         : /
Summary     : Manage X.509 Public Key Infrastructure (PKI) security credentials
Description :
MyProxy is open source software for managing X.509 Public Key Infrastructure (PKI) security credentials (certificates and private keys). MyProxy combines an online credential repository with an online certificate authority to allow users to securely obtain credentials when and where needed. Users run myproxy-logon to authenticate and obtain credentials, including trusted CA certificates and Certificate Revocation Lists (CRLs).

--------------------------------------------------------------------------------
Update Information:

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public handle (9.26)
* Prevent some race conditions (9.27)

globus-gram-job-manager
* Default to running personal gatekeeper on an ephemeral port

globus-gridftp-server
* New error message format (12.0)
* Configuration database (12.0)
* Better delay for end of session ref check (12.1)
* Fix tests when getgroups() does not return effective gid (12.2)

globus-gssapi-gsi
* Don't unlock unlocked mutex (12.14)
* Remove legacy SSLv3 support (12.15)
* Test fixes (12.16)
* Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14)

globus-io
* Remove legacy SSLv3 support

globus-net-manager
* Fix .pc typo
* Drop patch globus-net-manager-pkgconfig.patch (fixed upstream)

globus-xio
* Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15)
* Fix crash in error handling in http driver (5.16)

globus-xio-gsi-driver
* Fix crash when checking for anonymous GSS name when name comparison fails

globus-xio-pipe-driver
* Fix .pc typo

globus-xio-udt-driver
* Don't force --static flag to pkg-config
* Drop some BuildRequires no longer needed with above change
* Fix undefined symbols during linking

myproxy
* Fix error check (6.1.26)
* Remove legacy SSLv3 support (6.1.27)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade myproxy' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Severity: Critical. LinuxSecurity.com Team

Jul 04, 2017 Critical Fedora

Scientific Linux 6: 2017-0847-1 Moderate: Curl HTTP Authentication Fix

Date: Wed, 5 Apr 2017 15:04:09 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: curl on SL6.x i386/x86_64

Synopsis: Moderate: curl security update
Advisory ID: SLSA-2017:0847-1
Issue Date: 2017-03-29
CVE Numbers: CVE-2017-2628
--

Security Fix(es):

* It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628)
--

SL6
  x86_64
    curl-7.19.7-53.el6_9.x86_64.rpm
    curl-debuginfo-7.19.7-53.el6_9.i686.rpm
    curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm
    libcurl-7.19.7-53.el6_9.i686.rpm
    libcurl-7.19.7-53.el6_9.x86_64.rpm
    libcurl-devel-7.19.7-53.el6_9.i686.rpm
    libcurl-devel-7.19.7-53.el6_9.x86_64.rpm
  i386
    curl-7.19.7-53.el6_9.i686.rpm
    curl-debuginfo-7.19.7-53.el6_9.i686.rpm
    libcurl-7.19.7-53.el6_9.i686.rpm
    libcurl-devel-7.19.7-53.el6_9.i686.rpm

- Scientific Linux Development Team

Severity: Important. LinuxSecurity.com Team

Apr 05, 2017 Important Scientific Linux