Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2015-3148
Vulnerability from cvelistv5
Published
2015-04-24 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:31.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "HPSBHF03544", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { name: "FEDORA-2015-6853", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { name: "DSA-3232", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3232", }, { name: "FEDORA-2015-6712", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { name: "74301", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74301", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "MDVSA-2015:219", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { name: "USN-2591-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2591-1", }, { name: "1032232", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032232", }, { name: "APPLE-SA-2015-08-13-2", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "RHSA-2015:1254", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { name: "MDVSA-2015:220", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2015:0799", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT205031", }, { name: "GLSA-201509-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201509-02", }, { name: "FEDORA-2015-6728", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { name: "FEDORA-2015-6695", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { name: "FEDORA-2015-6864", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-22T00:00:00", descriptions: [ { lang: "en", value: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "HPSBHF03544", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { name: "FEDORA-2015-6853", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { name: "DSA-3232", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3232", }, { name: "FEDORA-2015-6712", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { name: "74301", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74301", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "MDVSA-2015:219", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { name: "USN-2591-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2591-1", }, { name: "1032232", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032232", }, { name: "APPLE-SA-2015-08-13-2", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "RHSA-2015:1254", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { name: "MDVSA-2015:220", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2015:0799", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT205031", }, { name: "GLSA-201509-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201509-02", }, { name: "FEDORA-2015-6728", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { name: "FEDORA-2015-6695", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { name: "FEDORA-2015-6864", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-3148", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "HPSBHF03544", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { name: "http://curl.haxx.se/docs/adv_20150422B.html", refsource: "CONFIRM", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { name: "FEDORA-2015-6853", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { name: "DSA-3232", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3232", }, { name: "FEDORA-2015-6712", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { name: "74301", refsource: "BID", url: "http://www.securityfocus.com/bid/74301", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "MDVSA-2015:219", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { name: "USN-2591-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2591-1", }, { name: "1032232", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032232", }, { name: "APPLE-SA-2015-08-13-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "RHSA-2015:1254", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { name: "MDVSA-2015:220", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2015:0799", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { name: "http://advisories.mageia.org/MGASA-2015-0179.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { name: "https://support.apple.com/kb/HT205031", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT205031", }, { name: "GLSA-201509-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201509-02", }, { name: "FEDORA-2015-6728", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { name: "FEDORA-2015-6695", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { name: "FEDORA-2015-6864", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3148", datePublished: "2015-04-24T14:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:31.988Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56BDB5A0-0839-4A20-A003-B8CD56F48171\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49A63F39-30BE-443F-AF10-6245587D3359\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8A2286E-9D1C-4B56-8B40-150201B818AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"831B1114-7CA7-43E3-9A15-592218060A1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8B0A12E-E122-4189-A05E-4FEA43C19876\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E1F9453-1FB6-4CA7-9285-A243E56667B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F79828BB-2412-46AD-BE3C-A51B48E191AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72D0F13F-D56F-4C1C-A3CF-2E4E704817CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90A4F2E2-1B43-470E-8935-CB32F12A0124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"797DF5C7-509E-48FD-BD04-C66E01748728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47BD868A-CE3B-4E39-A588-C4EDA3265A71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A2EE400-1C36-40F4-A9D1-9AB432F168BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06E3CB14-FB16-4F4E-9AD9-A02DC727FF6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08DCC42C-C881-4AEA-9348-E8317C54D62B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BC4EF5A-C8CB-4F33-B4D1-E4192B179D26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81CEF54A-9668-4031-926F-9B978DD5CDF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45068C90-8915-4D19-B36B-993980E28D08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24543011-2458-47B5-984A-901E70084902\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB482A9C-D577-4AEE-A08F-CAFA6586B51E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65AF9B86-A555-4D5E-B24E-9EBF78BCD8CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60BBDF07-DB97-433E-B542-EFEBE45550DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA8BE3F8-82ED-4DD7-991E-979E950C98B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"738AA231-4694-46E8-B559-1594263A9987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9E1F171-B887-499A-BF4F-538EBF347811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07AA276A-0EBA-4DC9-951C-8F8159FAC7A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DEEF534-9AD2-4439-9D69-E91D062C4647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63643BE1-C978-4CD2-8ED1-2B979DB0676E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6FA04A0-9258-4654-ABCF-F41340B1FA35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE829230-AFDB-4131-9C6A-D9D7A66C5B57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7E8BA30-8087-48D4-AE1B-48326FF826B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47970EFF-2F51-4875-A6BD-E30614E13278\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52C9B668-3204-41C5-A82E-262BDFA541DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08C8EE1E-E186-42D6-8B12-05865C73F261\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEA3D88B-41B9-4D79-B47D-B3D6058C0C27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2C80901-D48E-4C2A-9BED-A40007A11C97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"331A51E4-AA73-486F-9618-5A83965F2436\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB32DF2C-9208-4853-ADEB-B00D764D7467\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E05636DC-7E38-4605-AAB8-81C0AE37520A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"624DF2F1-53FD-48D3-B93D-44E99C9C0C5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2171C7C-311A-4405-B95F-3A54966FA844\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DE20A41-8B53-46FC-9002-69CC7495171F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87ED9DA0-E880-4CBB-B1AC-5AEE8A004718\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5293C7F0-BF9F-4768-889A-876CE78903CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3EB41B3-65F3-4B0E-8CCC-325B14AF605B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"857B244C-2AFB-40C7-A893-7C6DE9871BCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B732CE55-820A-40E0-A885-71BBB6CF8C15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0455A5F2-1515-4CD8-BA2F-74D28E91A661\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29034B3A-BE9D-4D68-8C56-4465C03C3693\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6249538E-FBCB-4130-91FB-DA78D7BA45DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E11B8A5-50A2-468F-BFB3-86DD9D28AC73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EAE25A0-3828-46F1-AB30-88732CBC9F38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1533A85C-2160-445D-8787-E624AEDC5A0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D87B9393-7EA4-43DA-900C-7E840AE2D4C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D1249E9-304F-4952-8DAB-8B79CE5E7D54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83FAF953-6A65-4FAB-BDB5-03B468CD1C9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29F8FF1F-A639-4161-9366-62528AAF4C07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"812AB429-379A-4EDE-9664-5BC2989053F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13DD791F-C4BD-4456-955A-92E84082AA09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A17E442-45AA-4780-98B4-9BF764DCC1C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6AF544C-5F16-4434-B9FB-93B1B7318950\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBFD9ED9-2412-44AE-9C55-0ED03A121B23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E66A332-ECD1-4452-B444-FB629022FDF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDD3D599-35E9-4590-B5E0-3AF04D344695\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3B6BFFB-7967-482C-9B49-4BD25C815299\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1791BF6D-2C96-4A6E-90D4-2906A73601F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"260DD751-4145-4B75-B892-5FC932C6A305\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB1CB85-0A9B-4816-B471-278774EE6D4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3831AB03-4E7E-476D-9623-58AADC188DFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABACE305-2F0C-4B59-BC5C-6DF162B450E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FAC1B55-F492-484E-B837-E7745682DE0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0D57914-B40A-462B-9C78-6433BE2B2DB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9A12DF7-62C5-46AD-9236-E2821C64156E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C43697D-390A-4AC0-A5D8-62B6D22245BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"257291FB-969C-4413-BA81-806B5E1B40A7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.5.3.1\", \"matchCriteriaId\": \"D06BF4CE-299F-42E4-BA0A-5D68788C92DF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D65CDC0-580B-42B3-97E8-69BE44CDB68C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01001EEA-AB99-4041-8188-38CEBE9C3031\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31DB0DA3-88B7-43ED-8102-CEBC28524CE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87596B6A-A7B3-4256-9982-45D3B6E3E018\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0045855F-A707-415A-AC12-6981B68B08E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B49807DC-0BDA-41F6-BB76-7C62328D245F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A78B6B8-9F4B-46AC-BB04-7EBADC690CBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFE80B46-33F0-4338-AF37-9E7E31FC5E83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD38D8C6-9EEE-4160-9353-773943A560B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD33549E-EFFB-466F-8B47-BE036D454693\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16BB71C8-3564-4E69-A2C3-E9AB1F9EF20C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4966AA12-15DB-44E5-84AF-9D7AF4A52F86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"827B6C8A-59C4-4714-9406-5C8EB5073AB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93A11305-E4FF-473B-9415-AF1F0E7A27D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8444095B-AF8F-42B5-BD4D-9CBE9238E42D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C22F23AE-02AB-42F0-AA16-D2F8C94E5DE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B33DE520-BD2A-4499-B1F8-1439AE16AB57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FCB20-E74F-4550-AC48-EE4E5875E118\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D16DBA5E-582F-4648-932E-8A1EFB7FE3D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A25323F4-7C67-4097-AD53-A6B9E6D96BA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36919682-F59E-4EC0-886C-AE967F636753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B45AF234-3651-4367-BFEF-8766F66FB138\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E46A9126-A02E-44CD-885D-0956E0C87C2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91E9C756-7FE3-4197-8C18-99CD1F49B0D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88806B7D-5EFE-4F91-B115-732882D2C126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BB9E8AB-B3EC-4743-B39B-7325EEB17233\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5030FBB0-C95B-4ADE-BFC2-CCA37AAD019B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5513618A-6770-4292-95D1-68F55D8343CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7494C01F-E9EC-406E-879A-B2045865E282\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DD9F894-4576-4ED1-9F55-4C27ECE7E058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49AFACAC-BBAF-469B-BF05-0478E987120F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A136E86-0697-4915-BC49-F570C776EDE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECB241AF-A01D-4FD6-B98A-F4C20F844C2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5B61901-F7DF-4805-8EB7-CA1701CA81CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB0CDEC9-224A-4668-B2E4-2145653E3F2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E92BE9CB-F001-47A0-94E0-48FC01A63FE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"324E2A20-2F66-4E03-9A7F-A09E631E9033\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8987B53-BD80-40B9-8429-21AD97208040\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490D1BDC-33B9-43BA-B6DA-42DEE577082A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B465BE7E-0B4D-4BC4-894B-3F51A201CE91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAA17087-3021-4961-B53C-CDCC872A31A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5CA3936-4602-40E6-B75C-58D3F24268E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D87C110C-21DD-438A-90EF-BE516CF59F3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD2D9E0E-2EED-4FB5-859C-05226FC48D7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CA01E21-71CE-4B07-B5A6-D0D7AC493A5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51239254-31CE-4BF7-8669-1525BA391362\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E2BE20D-232D-4C86-81B0-C82CCC1CAA62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D652FD7C-1521-4391-AAE1-0A4D6F4CE8F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB861143-F809-45CF-95BE-E64F4BA1A0DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3480F4A-0AE0-4428-9EDA-5A6B994909A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"936BF59E-33A8-46BA-9FBD-8763812E2F10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33168C81-6DAE-40D6-9693-68390CD71DA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"424F9604-AA9A-4D45-A521-0BDEDB723659\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC6EBCEB-E52C-4FF5-B15A-6960F58090EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D204E994-4591-403C-8EF3-D3B7BF4AA1A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBF5418D-1162-4B1E-BC3D-06A3E084BEFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA65F31-3D54-4F66-A0A3-2BD993FF38F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41ACC9FE-62FF-424B-B4B8-B033FEAF7686\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8BC39E9-5945-4DC8-ACA8-1C9918D9F279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9658447-FBB0-4DEA-8FEE-BD4D3D1BF7FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5ECABFCB-0D02-4B5B-BB35-C6B3C0896348\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A5176F0-E62F-46FF-B536-DC0680696773\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"506A3761-3D24-43DB-88D8-4EB5B9E8BA5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B6EF8B0-0E86-449C-A500-ACD902A78C7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D558CC2-0146-4887-834E-19FCB1D512A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6931764D-16AB-4546-9CE3-5B4E03BC984A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DEBBFCA-6A18-4F8F-B841-50255C952FA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEEAE437-A645-468B-B283-44799658F534\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.\"}, {\"lang\": \"es\", \"value\": \"cURL y libcurl 7.10.6 hasta la versi\\u00f3n 7.41.0 no reutiliza adecuadamente la conexiones Negotiate autenticadas, lo que permite a atacantes remotos conectarse como otros usuarios a trav\\u00e9s de una solicitud.\"}]", id: "CVE-2015-3148", lastModified: "2024-11-21T02:28:46.560", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2015-04-24T14:59:11.000", references: "[{\"url\": \"http://advisories.mageia.org/MGASA-2015-0179.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://curl.haxx.se/docs/adv_20150422B.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq&m=145612005512270&w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1254.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3232\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:220\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/74301\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032232\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2591-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201509-02\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://advisories.mageia.org/MGASA-2015-0179.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://curl.haxx.se/docs/adv_20150422B.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq&m=145612005512270&w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1254.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:220\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/74301\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2591-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201509-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2015-3148\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-24T14:59:11.000\",\"lastModified\":\"2024-11-21T02:28:46.560\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.\"},{\"lang\":\"es\",\"value\":\"cURL y libcurl 7.10.6 hasta la versión 7.41.0 no reutiliza adecuadamente la conexiones Negotiate autenticadas, lo que permite a atacantes remotos conectarse como otros usuarios a través de una solicitud.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A63F39-30BE-443F-AF10-6245587D3359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A2286E-9D1C-4B56-8B40-150201B818AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831B1114-7CA7-43E3-9A15-592218060A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B0A12E-E122-4189-A05E-4FEA43C19876\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E1F9453-1FB6-4CA7-9285-A243E56667B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F79828BB-2412-46AD-BE3C-A51B48E191AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D0F13F-D56F-4C1C-A3CF-2E4E704817CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90A4F2E2-1B43-470E-8935-CB32F12A0124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797DF5C7-509E-48FD-BD04-C66E01748728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47BD868A-CE3B-4E39-A588-C4EDA3265A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2EE400-1C36-40F4-A9D1-9AB432F168BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06E3CB14-FB16-4F4E-9AD9-A02DC727FF6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08DCC42C-C881-4AEA-9348-E8317C54D62B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC4EF5A-C8CB-4F33-B4D1-E4192B179D26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81CEF54A-9668-4031-926F-9B978DD5CDF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45068C90-8915-4D19-B36B-993980E28D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24543011-2458-47B5-984A-901E70084902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB482A9C-D577-4AEE-A08F-CAFA6586B51E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65AF9B86-A555-4D5E-B24E-9EBF78BCD8CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BBDF07-DB97-433E-B542-EFEBE45550DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA8BE3F8-82ED-4DD7-991E-979E950C98B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738AA231-4694-46E8-B559-1594263A9987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9E1F171-B887-499A-BF4F-538EBF347811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07AA276A-0EBA-4DC9-951C-8F8159FAC7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DEEF534-9AD2-4439-9D69-E91D062C4647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63643BE1-C978-4CD2-8ED1-2B979DB0676E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6FA04A0-9258-4654-ABCF-F41340B1FA35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE829230-AFDB-4131-9C6A-D9D7A66C5B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E8BA30-8087-48D4-AE1B-48326FF826B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47970EFF-2F51-4875-A6BD-E30614E13278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C9B668-3204-41C5-A82E-262BDFA541DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08C8EE1E-E186-42D6-8B12-05865C73F261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA3D88B-41B9-4D79-B47D-B3D6058C0C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2C80901-D48E-4C2A-9BED-A40007A11C97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"331A51E4-AA73-486F-9618-5A83965F2436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB32DF2C-9208-4853-ADEB-B00D764D7467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E05636DC-7E38-4605-AAB8-81C0AE37520A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624DF2F1-53FD-48D3-B93D-44E99C9C0C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2171C7C-311A-4405-B95F-3A54966FA844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DE20A41-8B53-46FC-9002-69CC7495171F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87ED9DA0-E880-4CBB-B1AC-5AEE8A004718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5293C7F0-BF9F-4768-889A-876CE78903CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB41B3-65F3-4B0E-8CCC-325B14AF605B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"857B244C-2AFB-40C7-A893-7C6DE9871BCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B732CE55-820A-40E0-A885-71BBB6CF8C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0455A5F2-1515-4CD8-BA2F-74D28E91A661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29034B3A-BE9D-4D68-8C56-4465C03C3693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6249538E-FBCB-4130-91FB-DA78D7BA45DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E11B8A5-50A2-468F-BFB3-86DD9D28AC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EAE25A0-3828-46F1-AB30-88732CBC9F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1533A85C-2160-445D-8787-E624AEDC5A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D87B9393-7EA4-43DA-900C-7E840AE2D4C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1249E9-304F-4952-8DAB-8B79CE5E7D54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83FAF953-6A65-4FAB-BDB5-03B468CD1C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F8FF1F-A639-4161-9366-62528AAF4C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"812AB429-379A-4EDE-9664-5BC2989053F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13DD791F-C4BD-4456-955A-92E84082AA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A17E442-45AA-4780-98B4-9BF764DCC1C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6AF544C-5F16-4434-B9FB-93B1B7318950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFD9ED9-2412-44AE-9C55-0ED03A121B23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E66A332-ECD1-4452-B444-FB629022FDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDD3D599-35E9-4590-B5E0-3AF04D344695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B6BFFB-7967-482C-9B49-4BD25C815299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1791BF6D-2C96-4A6E-90D4-2906A73601F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260DD751-4145-4B75-B892-5FC932C6A305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB1CB85-0A9B-4816-B471-278774EE6D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3831AB03-4E7E-476D-9623-58AADC188DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABACE305-2F0C-4B59-BC5C-6DF162B450E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAC1B55-F492-484E-B837-E7745682DE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0D57914-B40A-462B-9C78-6433BE2B2DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A12DF7-62C5-46AD-9236-E2821C64156E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C43697D-390A-4AC0-A5D8-62B6D22245BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"257291FB-969C-4413-BA81-806B5E1B40A7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.5.3.1\",\"matchCriteriaId\":\"D06BF4CE-299F-42E4-BA0A-5D68788C92DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D65CDC0-580B-42B3-97E8-69BE44CDB68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01001EEA-AB99-4041-8188-38CEBE9C3031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31DB0DA3-88B7-43ED-8102-CEBC28524CE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87596B6A-A7B3-4256-9982-45D3B6E3E018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0045855F-A707-415A-AC12-6981B68B08E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B49807DC-0BDA-41F6-BB76-7C62328D245F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A78B6B8-9F4B-46AC-BB04-7EBADC690CBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFE80B46-33F0-4338-AF37-9E7E31FC5E83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD38D8C6-9EEE-4160-9353-773943A560B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD33549E-EFFB-466F-8B47-BE036D454693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16BB71C8-3564-4E69-A2C3-E9AB1F9EF20C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4966AA12-15DB-44E5-84AF-9D7AF4A52F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"827B6C8A-59C4-4714-9406-5C8EB5073AB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A11305-E4FF-473B-9415-AF1F0E7A27D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8444095B-AF8F-42B5-BD4D-9CBE9238E42D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C22F23AE-02AB-42F0-AA16-D2F8C94E5DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B33DE520-BD2A-4499-B1F8-1439AE16AB57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FCB20-E74F-4550-AC48-EE4E5875E118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D16DBA5E-582F-4648-932E-8A1EFB7FE3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A25323F4-7C67-4097-AD53-A6B9E6D96BA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36919682-F59E-4EC0-886C-AE967F636753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B45AF234-3651-4367-BFEF-8766F66FB138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E46A9126-A02E-44CD-885D-0956E0C87C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E9C756-7FE3-4197-8C18-99CD1F49B0D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88806B7D-5EFE-4F91-B115-732882D2C126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB9E8AB-B3EC-4743-B39B-7325EEB17233\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5030FBB0-C95B-4ADE-BFC2-CCA37AAD019B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5513618A-6770-4292-95D1-68F55D8343CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7494C01F-E9EC-406E-879A-B2045865E282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DD9F894-4576-4ED1-9F55-4C27ECE7E058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49AFACAC-BBAF-469B-BF05-0478E987120F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A136E86-0697-4915-BC49-F570C776EDE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECB241AF-A01D-4FD6-B98A-F4C20F844C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B61901-F7DF-4805-8EB7-CA1701CA81CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0CDEC9-224A-4668-B2E4-2145653E3F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E92BE9CB-F001-47A0-94E0-48FC01A63FE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"324E2A20-2F66-4E03-9A7F-A09E631E9033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8987B53-BD80-40B9-8429-21AD97208040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490D1BDC-33B9-43BA-B6DA-42DEE577082A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B465BE7E-0B4D-4BC4-894B-3F51A201CE91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAA17087-3021-4961-B53C-CDCC872A31A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5CA3936-4602-40E6-B75C-58D3F24268E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D87C110C-21DD-438A-90EF-BE516CF59F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD2D9E0E-2EED-4FB5-859C-05226FC48D7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA01E21-71CE-4B07-B5A6-D0D7AC493A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51239254-31CE-4BF7-8669-1525BA391362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E2BE20D-232D-4C86-81B0-C82CCC1CAA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D652FD7C-1521-4391-AAE1-0A4D6F4CE8F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB861143-F809-45CF-95BE-E64F4BA1A0DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3480F4A-0AE0-4428-9EDA-5A6B994909A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936BF59E-33A8-46BA-9FBD-8763812E2F10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33168C81-6DAE-40D6-9693-68390CD71DA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"424F9604-AA9A-4D45-A521-0BDEDB723659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6EBCEB-E52C-4FF5-B15A-6960F58090EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D204E994-4591-403C-8EF3-D3B7BF4AA1A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBF5418D-1162-4B1E-BC3D-06A3E084BEFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA65F31-3D54-4F66-A0A3-2BD993FF38F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41ACC9FE-62FF-424B-B4B8-B033FEAF7686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8BC39E9-5945-4DC8-ACA8-1C9918D9F279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9658447-FBB0-4DEA-8FEE-BD4D3D1BF7FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ECABFCB-0D02-4B5B-BB35-C6B3C0896348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A5176F0-E62F-46FF-B536-DC0680696773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"506A3761-3D24-43DB-88D8-4EB5B9E8BA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B6EF8B0-0E86-449C-A500-ACD902A78C7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D558CC2-0146-4887-834E-19FCB1D512A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6931764D-16AB-4546-9CE3-5B4E03BC984A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEBBFCA-6A18-4F8F-B841-50255C952FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEEAE437-A645-468B-B283-44799658F534\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2015-0179.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20150422B.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq&m=145612005512270&w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1254.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:220\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/74301\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1032232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2591-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201509-02\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2015-0179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20150422B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq&m=145612005512270&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1254.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/74301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2591-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201509-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
var-201504-0150
Vulnerability from variot
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. cURL/libcURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.
Background
cURL is a tool and libcurl is a library for transferring data with URL syntax.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
[ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . This is similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This could
allow remote attackers to cause a denial of service (crash). This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This could allow remote attackers to
cause a denial of service (crash). This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.
We recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04986859
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04986859 Version: 1
HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-19 Last Updated: 2016-02-19
Potential Security Impact: Remote Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access.
References:
- CVE-2015-3143
- CVE-2015-3148
- SSRT102110
- PSRT110028
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in Comware 7 and iMC Plat.
COMWARE 7 Products
- 12500 (Comware 7) R7375
- HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
- JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
- JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
- JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
- JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
- JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
- JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
- JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
- JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
- JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
- JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
- JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module
- JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
- JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
- JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
- JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
- JG798A HP FlexFabric 12508E Fabric Module
- H3C Products
- H3C S12508 Routing Switch (AC-1) (0235A0GE)
- H3C S12518 Routing Switch (AC-1) (0235A0GF)
- H3C S12508 Chassis (0235A0E6)
- H3C S12508 Chassis (0235A38N)
- H3C S12518 Chassis (0235A0E7)
- H3C S12518 Chassis (0235A38M)
- H3C 12508 DC Switch Chassis (0235A38L)
- H3C 12518 DC Switch Chassis (0235A38K)
- 10500 (Comware 7) R7168
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module
- JH192A HP 10500 48-port Gig-T (RJ45) SE Module
- JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
- JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
- JH195A HP 10500 6-port 40GbE QSFP+ EC Module
- JH196A HP 10500 2-port 100GbE CFP EC Module
- JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
- 12900 (Comware 7) R1137
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- 5920 (Comware 7) R2422P01
- HP Network Products
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
- MSR1000 (Comware 7) R0304P04
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) R0304P04
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) R0304P04
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) R0304P04
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) E0321
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) R2137
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) R3109P09
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- 5700 (Comware 7) R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6602 (Comware 7) R7103P05
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) R7103P05
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 R3109P09
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
iMC
- iMC Plat iMC Plat 7.1 (E0303P13)
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
HISTORY Version:1 (rev.1) - 19 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security, bug fix, and enhancement update Advisory ID: RHSA-2015:1254-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html Issue date: 2015-07-22 Updated on: 2014-12-15 CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148 =====================================================================
- Summary:
Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and Negotatiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specifc way, certain requests to a previously NTLM-authenticated server could appears as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
-
An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)
-
A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)
-
Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)
-
Using the "--retry" option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding "--retry" no longer causes curl to crash. (BZ#1009455)
-
The "curl --trace-time" command did not use the correct local time when printing timestamps. Now, "curl --trace-time" works as expected. (BZ#1120196)
-
The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)
-
Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
-
The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The "--tlsv1" option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)
-
It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
835898 - Bug in DNS cache causes connections until restart of libcurl-using processes 883002 - curl used with file:// protocol opens and closes a destination file twice 997185 - sendrecv.c example incorrect type for sockfd 1008178 - curl scp download fails in fips mode 1011083 - CA certificate cannot be specified by nickname [documentation bug] 1011101 - manpage typos found using aspell 1058767 - curl does not support ECDSA certificates 1104160 - Link in curl man page is wrong 1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain 1154059 - curl: Disable out-of-protocol fallback to SSL 3.0 1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth 1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS 1156422 - curl does not allow explicit control of DHE ciphers 1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE 1168137 - curl closes connection after HEAD request fails 1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() 1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated 1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
ppc64: curl-7.19.7-46.el6.ppc64.rpm curl-debuginfo-7.19.7-46.el6.ppc.rpm curl-debuginfo-7.19.7-46.el6.ppc64.rpm libcurl-7.19.7-46.el6.ppc.rpm libcurl-7.19.7-46.el6.ppc64.rpm libcurl-devel-7.19.7-46.el6.ppc.rpm libcurl-devel-7.19.7-46.el6.ppc64.rpm
s390x: curl-7.19.7-46.el6.s390x.rpm curl-debuginfo-7.19.7-46.el6.s390.rpm curl-debuginfo-7.19.7-46.el6.s390x.rpm libcurl-7.19.7-46.el6.s390.rpm libcurl-7.19.7-46.el6.s390x.rpm libcurl-devel-7.19.7-46.el6.s390.rpm libcurl-devel-7.19.7-46.el6.s390x.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3613 https://access.redhat.com/security/cve/CVE-2014-3707 https://access.redhat.com/security/cve/CVE-2014-8150 https://access.redhat.com/security/cve/CVE-2015-3143 https://access.redhat.com/security/cve/CVE-2015-3148 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn emWApg/iYw5vIs3rWoqmU7A= =p+Xb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://advisories.mageia.org/MGASA-2015-0179.html
Updated Packages:
Mandriva Business Server 2/X86_64: b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0150", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.28.1", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.12.1", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.13.1", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.16.3", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.13.0", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.12.2", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.16.2", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.13.2", }, { model: "curl", scope: "eq", trust: 1.6, vendor: "haxx", version: "7.12.3", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.18.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.14.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.29.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.18.2", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.14.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.30.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.24.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.4", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.5", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.10.6", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.33.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.13.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.23.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.4", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.5", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.13.1", }, { model: "opensuse", scope: "eq", trust: 1, vendor: "opensuse", version: "13.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.18.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.11.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.5", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.22.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.32.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.20.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.3", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.12.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.13.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.37.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.17.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.20.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.2", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.31.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.40.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.10.7", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.12.0", }, { model: "opensuse", scope: "eq", trust: 1, vendor: "opensuse", version: "13.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.35.0", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.10.3", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "14.04", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.36.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.7", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.37.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.6", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.10.8", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.11.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.23.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.26.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.6", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.17.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.18.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.14.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "7.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.41.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.30.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.3", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.10.6", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.3", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.34.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.25.0", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.10.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.28.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.5", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.4", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "15.04", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.18.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.22.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.11.2", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.0", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.10.2", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.27.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.32.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.38.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.4", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.7", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.11.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.20.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.28.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.31.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.40.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.12.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.12.3", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.29.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.18.2", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.2", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.14.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.24.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.1", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.10.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.39", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.5", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.10.8", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.4", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.23.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.11.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.33.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.17.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.26.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.23.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.4", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.41.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.1", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "22", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.3", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.5", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.3", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.3", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.34.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.28.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.39.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "21", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.25.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "12.04", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.20.1", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "14.10", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.3", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.17.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.37.1", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.4", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.2", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.12.2", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.10.4", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.10.7", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.35.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.15.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.27.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.36.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.7", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.16.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.37.0", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.19.6", }, { model: "libcurl", scope: "eq", trust: 1, vendor: "haxx", version: "7.38.0", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.4", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.7", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.11.1", }, { model: "curl", scope: "eq", trust: 1, vendor: "haxx", version: "7.21.6", }, { model: "system management homepage", scope: "lte", trust: 1, vendor: "hp", version: "7.5.3.1", }, { model: "ubuntu", scope: null, trust: 0.8, vendor: "canonical", version: null, }, { model: "gnu/linux", scope: "eq", trust: 0.8, vendor: "debian", version: "7.0", }, { model: "fedora", scope: null, trust: 0.8, vendor: "fedora", version: null, }, { model: "curl", scope: "eq", trust: 0.8, vendor: "haxx", version: "7.10.6 to 7.41.0", }, { model: "libcurl", scope: "eq", trust: 0.8, vendor: "haxx", version: "7.10.6 to 7.41.0", }, { model: "opensuse", scope: null, trust: 0.8, vendor: "opensuse", version: null, }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.4", }, { model: "comware", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe intelligent management center plat", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "system management homepage", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "opensuse", scope: "eq", trust: 0.6, vendor: "novell", version: "13.2", }, { model: "linux x86 64 -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "linux -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "hat enterprise linux workstation", scope: "eq", trust: 0.3, vendor: "red", version: "6", }, { model: "hat enterprise linux server", scope: "eq", trust: 0.3, vendor: "red", version: "6", }, { model: "hat enterprise linux hpc node optional", scope: "eq", trust: 0.3, vendor: "red", version: "6", }, { model: "hat enterprise linux hpc node", scope: "eq", trust: 0.3, vendor: "red", version: "6", }, { model: "hat enterprise linux desktop optional", scope: "eq", trust: 0.3, vendor: "red", version: "6", }, { model: "hat enterprise linux desktop", scope: "eq", trust: 0.3, vendor: "red", version: "6", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, ], sources: [ { db: "BID", id: "74301", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "CNNVD", id: "CNNVD-201504-503", }, { db: "NVD", id: "CVE-2015-3148", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.3.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-3148", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Isaac Boukris", sources: [ { db: "BID", id: "74301", }, ], trust: 0.3, }, cve: "CVE-2015-3148", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-3148", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-81109", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-3148", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201504-503", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-81109", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-3148", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-81109", }, { db: "VULMON", id: "CVE-2015-3148", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "CNNVD", id: "CNNVD-201504-503", }, { db: "NVD", id: "CVE-2015-3148", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. cURL/libcURL is prone to a remote security-bypass vulnerability. \nAn attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \ncURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201509-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: September 24, 2015\n Bugs: #547376, #552618\n ID: 201509-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncan allow remote attackers to cause Denial of Service condition. \n\nBackground\n==========\n\ncURL is a tool and libcurl is a library for transferring data with URL\nsyntax. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl < 7.43.0 >= 7.43.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/curl-7.43.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143\n[ 2 ] CVE-2015-3144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144\n[ 3 ] CVE-2015-3145\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145\n[ 4 ] CVE-2015-3148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148\n[ 5 ] CVE-2015-3236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236\n[ 6 ] CVE-2015-3237\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201509-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is\n similar to the issue fixed in DSA-2849-1. \n\nCVE-2015-3144\n\n When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n libcurl would try to read from an invalid memory address. This could\n allow remote attackers to cause a denial of service (crash). This\n issue only affects the upcoming stable (jessie) and unstable (sid)\n distributions. \n\nCVE-2015-3145\n\n When parsing HTTP cookies, if the parsed cookie's \"path\" element\n consists of a single double-quote, libcurl would try to write to an\n invalid heap memory address. This could allow remote attackers to\n cause a denial of service (crash). This issue only affects the\n upcoming stable (jessie) and unstable (sid) distributions. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1. \n\nWe recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04986859\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04986859\nVersion: 1\n\nHPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware\n7 and cURL, Remote Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-19\nLast Updated: 2016-02-19\n\nPotential Security Impact: Remote Unauthorized Access\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in cURL and libcurl have been addressed\nwith HPE iMC PLAT and other HP and H3C products using Comware 7. The\nvulnerabilities could be exploited remotely resulting in unauthorized access. \n\nReferences:\n\n - CVE-2015-3143\n - CVE-2015-3148\n - SSRT102110\n - PSRT110028\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in Comware 7 and iMC Plat. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) R7375\n * HP Network Products\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JC072B HP 12500 Main Processing Unit\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n - JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis\n - JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis\n - JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis\n - JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis\n - JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit\n - JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module\n - JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module\n - JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module\n - JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module\n - JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module\n - JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module\n - JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module\n - JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule\n - JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module\n - JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module\n - JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module\n - JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module\n - JG798A HP FlexFabric 12508E Fabric Module\n * H3C Products\n - H3C S12508 Routing Switch (AC-1) (0235A0GE)\n - H3C S12518 Routing Switch (AC-1) (0235A0GF)\n - H3C S12508 Chassis (0235A0E6)\n - H3C S12508 Chassis (0235A38N)\n - H3C S12518 Chassis (0235A0E7)\n - H3C S12518 Chassis (0235A38M)\n - H3C 12508 DC Switch Chassis (0235A38L)\n - H3C 12518 DC Switch Chassis (0235A38K)\n + 10500 (Comware 7) R7168\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE\nModule\n - JH192A HP 10500 48-port Gig-T (RJ45) SE Module\n - JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module\n - JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module\n - JH195A HP 10500 6-port 40GbE QSFP+ EC Module\n - JH196A HP 10500 2-port 100GbE CFP EC Module\n - JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module\n + 12900 (Comware 7) R1137\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + 5900 (Comware 7) R2422P01\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + 5920 (Comware 7) R2422P01\n * HP Network Products\n - JG296A HP 5920AF-24XG Switch\n - JG555A HP 5920AF-24XG TAA Switch\n + MSR1000 (Comware 7) R0304P04\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + MSR2000 (Comware 7) R0304P04\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + MSR3000 (Comware 7) R0304P04\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + MSR4000 (Comware 7) R0304P04\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + VSR (Comware 7) E0321\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + 7900 (Comware 7) R2137\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + 5130 (Comware 7) R3109P09\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n + 5700 (Comware 7) R2422P01\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + 5930 (Comware 7) R2422P01\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + HSR6602 (Comware 7) R7103P05\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + HSR6800 (Comware 7) R7103P05\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n - JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit\n + 1950 R3109P09\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n\n**iMC**\n\n + iMC Plat iMC Plat 7.1 (E0303P13)\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n - JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n - JG659AAE HP IMC Smart Connect VAE E-LTU\n - JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\n - JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 19 February 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer's patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndaf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:1254-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html\nIssue date: 2015-07-22\nUpdated on: 2014-12-15\nCVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 \n CVE-2015-3143 CVE-2015-3148 \n=====================================================================\n\n1. Summary:\n\nUpdated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues. \n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API. \n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. The file is now opened only once per upload. \n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected. \n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS. \nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n835898 - Bug in DNS cache causes connections until restart of libcurl-using processes\n883002 - curl used with file:// protocol opens and closes a destination file twice\n997185 - sendrecv.c example incorrect type for sockfd\n1008178 - curl scp download fails in fips mode\n1011083 - CA certificate cannot be specified by nickname [documentation bug]\n1011101 - manpage typos found using aspell\n1058767 - curl does not support ECDSA certificates\n1104160 - Link in curl man page is wrong\n1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain\n1154059 - curl: Disable out-of-protocol fallback to SSL 3.0\n1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth\n1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS\n1156422 - curl does not allow explicit control of DHE ciphers\n1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE\n1168137 - curl closes connection after HEAD request fails\n1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()\n1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated\n1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nppc64:\ncurl-7.19.7-46.el6.ppc64.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc64.rpm\nlibcurl-7.19.7-46.el6.ppc.rpm\nlibcurl-7.19.7-46.el6.ppc64.rpm\nlibcurl-devel-7.19.7-46.el6.ppc.rpm\nlibcurl-devel-7.19.7-46.el6.ppc64.rpm\n\ns390x:\ncurl-7.19.7-46.el6.s390x.rpm\ncurl-debuginfo-7.19.7-46.el6.s390.rpm\ncurl-debuginfo-7.19.7-46.el6.s390x.rpm\nlibcurl-7.19.7-46.el6.s390.rpm\nlibcurl-7.19.7-46.el6.s390x.rpm\nlibcurl-devel-7.19.7-46.el6.s390.rpm\nlibcurl-devel-7.19.7-46.el6.s390x.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3613\nhttps://access.redhat.com/security/cve/CVE-2014-3707\nhttps://access.redhat.com/security/cve/CVE-2014-8150\nhttps://access.redhat.com/security/cve/CVE-2015-3143\nhttps://access.redhat.com/security/cve/CVE-2015-3148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn\nemWApg/iYw5vIs3rWoqmU7A=\n=p+Xb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm\n 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm\n 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm\n f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm \n 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security", sources: [ { db: "NVD", id: "CVE-2015-3148", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "BID", id: "74301", }, { db: "VULHUB", id: "VHN-81109", }, { db: "VULMON", id: "CVE-2015-3148", }, { db: "PACKETSTORM", id: "133700", }, { db: "PACKETSTORM", id: "131588", }, { db: "PACKETSTORM", id: "135878", }, { db: "PACKETSTORM", id: "134138", }, { db: "PACKETSTORM", id: "132792", }, { db: "PACKETSTORM", id: "131727", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-3148", trust: 3.5, }, { db: "BID", id: "74301", trust: 1.5, }, { db: "SECTRACK", id: "1032232", trust: 1.2, }, { db: "JUNIPER", id: "JSA10743", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2015-002487", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201504-503", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2021.0637", trust: 0.6, }, { db: "VULHUB", id: "VHN-81109", trust: 0.1, }, { db: "VULMON", id: "CVE-2015-3148", trust: 0.1, }, { db: "PACKETSTORM", id: "133700", trust: 0.1, }, { db: "PACKETSTORM", id: "131588", trust: 0.1, }, { db: "PACKETSTORM", id: "135878", trust: 0.1, }, { db: "PACKETSTORM", id: "134138", trust: 0.1, }, { db: "PACKETSTORM", id: "132792", trust: 0.1, }, { db: "PACKETSTORM", id: "131727", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-81109", }, { db: "VULMON", id: "CVE-2015-3148", }, { db: "BID", id: "74301", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "PACKETSTORM", id: "133700", }, { db: "PACKETSTORM", id: "131588", }, { db: "PACKETSTORM", id: "135878", }, { db: "PACKETSTORM", id: "134138", }, { db: "PACKETSTORM", id: "132792", }, { db: "PACKETSTORM", id: "131727", }, { db: "CNNVD", id: "CNNVD-201504-503", }, { db: "NVD", id: "CVE-2015-3148", }, ], }, id: "VAR-201504-0150", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-81109", }, ], trust: 0.01, }, last_update_date: "2024-07-23T21:23:08.257000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html", }, { title: "HT205031", trust: 0.8, url: "https://support.apple.com/en-us/ht205031", }, { title: "HT205031", trust: 0.8, url: "https://support.apple.com/ja-jp/ht205031", }, { title: "DSA-3232", trust: 0.8, url: "https://www.debian.org/security/2015/dsa-3232", }, { title: "FEDORA-2015-6695", trust: 0.8, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html", }, { title: "FEDORA-2015-6728", trust: 0.8, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html", }, { title: "FEDORA-2015-6853", trust: 0.8, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html", }, { title: "FEDORA-2015-6864", trust: 0.8, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html", }, { title: "HPSBHF03544", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { title: "HPSBMU03546", trust: 0.8, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763", }, { title: "openSUSE-SU-2015:0799", trust: 0.8, url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { title: "Negotiate not treated as connection-oriented", trust: 0.8, url: "http://curl.haxx.se/docs/adv_20150422b.html", }, { title: "USN-2591-1", trust: 0.8, url: "http://www.ubuntu.com/usn/usn-2591-1", }, { title: "curl-curl-7_42_0", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55216", }, { title: "curl-curl-7_42_0", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55215", }, { title: "Red Hat: Moderate: curl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20170847 - security advisory", }, { title: "Red Hat: Moderate: curl security, bug fix, and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20152159 - security advisory", }, { title: "Red Hat: CVE-2015-3148", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2015-3148", }, { title: "Ubuntu Security Notice: curl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2591-1", }, { title: "Debian Security Advisories: DSA-3232-1 curl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6e7bbc3a8db398caa606cf6110790ac9", }, { title: "Amazon Linux AMI: ALAS-2015-514", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-514", }, { title: "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9834d0d73bf28fb80d3390930bafd906", }, { title: "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8", }, ], sources: [ { db: "VULMON", id: "CVE-2015-3148", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "CNNVD", id: "CNNVD-201504-503", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-284", trust: 1.1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-81109", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "NVD", id: "CVE-2015-3148", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.1, url: "http://advisories.mageia.org/mgasa-2015-0179.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/74301", }, { trust: 1.3, url: "https://security.gentoo.org/glsa/201509-02", }, { trust: 1.3, url: "http://rhn.redhat.com/errata/rhsa-2015-1254.html", }, { trust: 1.2, url: "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html", }, { trust: 1.2, url: "http://curl.haxx.se/docs/adv_20150422b.html", }, { trust: 1.2, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { trust: 1.2, url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { trust: 1.2, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763", }, { trust: 1.2, url: "https://support.apple.com/kb/ht205031", }, { trust: 1.2, url: "http://www.debian.org/security/2015/dsa-3232", }, { trust: 1.2, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html", }, { trust: 1.2, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html", }, { trust: 1.2, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html", }, { trust: 1.2, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html", }, { trust: 1.2, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html", }, { trust: 1.2, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219", }, { trust: 1.2, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:220", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1032232", }, { trust: 1.2, url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { trust: 1.2, url: "http://www.ubuntu.com/usn/usn-2591-1", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10743", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3148", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3148", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3143", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0637", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3145", }, { trust: 0.3, url: "http://curl.haxx.se/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3144", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-3148", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3237", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3236", }, { trust: 0.2, url: "http://www.debian.org/security/", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145", }, { trust: 0.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10743", }, { trust: 0.1, url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/284.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2017:0847", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2591-1/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=38683", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "http://:80\"),", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n", }, { trust: 0.1, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.1, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://osuosl.org)", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-3143", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3613", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3707", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8150", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3613", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3707", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-8150", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, ], sources: [ { db: "VULHUB", id: "VHN-81109", }, { db: "VULMON", id: "CVE-2015-3148", }, { db: "BID", id: "74301", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "PACKETSTORM", id: "133700", }, { db: "PACKETSTORM", id: "131588", }, { db: "PACKETSTORM", id: "135878", }, { db: "PACKETSTORM", id: "134138", }, { db: "PACKETSTORM", id: "132792", }, { db: "PACKETSTORM", id: "131727", }, { db: "CNNVD", id: "CNNVD-201504-503", }, { db: "NVD", id: "CVE-2015-3148", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-81109", }, { db: "VULMON", id: "CVE-2015-3148", }, { db: "BID", id: "74301", }, { db: "JVNDB", id: "JVNDB-2015-002487", }, { db: "PACKETSTORM", id: "133700", }, { db: "PACKETSTORM", id: "131588", }, { db: "PACKETSTORM", id: "135878", }, { db: "PACKETSTORM", id: "134138", }, { db: "PACKETSTORM", id: "132792", }, { db: "PACKETSTORM", id: "131727", }, { db: "CNNVD", id: "CNNVD-201504-503", }, { db: "NVD", id: "CVE-2015-3148", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-04-24T00:00:00", db: "VULHUB", id: "VHN-81109", }, { date: "2015-04-24T00:00:00", db: "VULMON", id: "CVE-2015-3148", }, { date: "2015-04-23T00:00:00", db: "BID", id: "74301", }, { date: "2015-04-28T00:00:00", db: "JVNDB", id: "JVNDB-2015-002487", }, { date: "2015-09-25T06:54:51", db: "PACKETSTORM", id: "133700", }, { date: "2015-04-22T20:15:37", db: "PACKETSTORM", id: "131588", }, { date: "2016-02-23T05:11:25", db: "PACKETSTORM", id: "135878", }, { date: "2015-10-30T23:23:03", db: "PACKETSTORM", id: "134138", }, { date: "2015-07-22T17:57:59", db: "PACKETSTORM", id: "132792", }, { date: "2015-05-04T17:18:27", db: "PACKETSTORM", id: "131727", }, { date: "2015-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201504-503", }, { date: "2015-04-24T14:59:11", db: "NVD", id: "CVE-2015-3148", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-10-30T00:00:00", db: "VULHUB", id: "VHN-81109", }, { date: "2018-10-30T00:00:00", db: "VULMON", id: "CVE-2015-3148", }, { date: "2016-07-05T22:09:00", db: "BID", id: "74301", }, { date: "2016-09-08T00:00:00", db: "JVNDB", id: "JVNDB-2015-002487", }, { date: "2021-02-22T00:00:00", db: "CNNVD", id: "CNNVD-201504-503", }, { date: "2018-10-30T16:27:35.843000", db: "NVD", id: "CVE-2015-3148", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "133700", }, { db: "PACKETSTORM", id: "131727", }, { db: "CNNVD", id: "CNNVD-201504-503", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cURL and libcurl Vulnerabilities connected as other users", sources: [ { db: "JVNDB", id: "JVNDB-2015-002487", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Access Validation Error", sources: [ { db: "BID", id: "74301", }, ], trust: 0.3, }, }
gsd-2015-3148
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-3148", description: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", id: "GSD-2015-3148", references: [ "https://www.suse.com/security/cve/CVE-2015-3148.html", "https://www.debian.org/security/2015/dsa-3232", "https://access.redhat.com/errata/RHSA-2015:2159", "https://access.redhat.com/errata/RHSA-2015:1254", "https://ubuntu.com/security/CVE-2015-3148", "https://advisories.mageia.org/CVE-2015-3148.html", "https://alas.aws.amazon.com/cve/html/CVE-2015-3148.html", "https://linux.oracle.com/cve/CVE-2015-3148.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-3148", ], details: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", id: "GSD-2015-3148", modified: "2023-12-13T01:20:07.817202Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-3148", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "HPSBHF03544", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { name: "http://curl.haxx.se/docs/adv_20150422B.html", refsource: "CONFIRM", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { name: "FEDORA-2015-6853", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { name: "DSA-3232", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3232", }, { name: "FEDORA-2015-6712", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { name: "74301", refsource: "BID", url: "http://www.securityfocus.com/bid/74301", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "MDVSA-2015:219", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { name: "USN-2591-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2591-1", }, { name: "1032232", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032232", }, { name: "APPLE-SA-2015-08-13-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "RHSA-2015:1254", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { name: "MDVSA-2015:220", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2015:0799", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { name: "http://advisories.mageia.org/MGASA-2015-0179.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { name: "https://support.apple.com/kb/HT205031", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT205031", }, { name: "GLSA-201509-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201509-02", }, { name: "FEDORA-2015-6728", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { name: "FEDORA-2015-6695", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { name: "FEDORA-2015-6864", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.3.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-3148", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-284", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3232", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3232", }, { name: "http://curl.haxx.se/docs/adv_20150422B.html", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { name: "USN-2591-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2591-1", }, { name: "FEDORA-2015-6853", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { name: "FEDORA-2015-6864", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, { name: "MDVSA-2015:220", refsource: "MANDRIVA", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { name: "1032232", refsource: "SECTRACK", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1032232", }, { name: "MDVSA-2015:219", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { name: "FEDORA-2015-6728", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { name: "openSUSE-SU-2015:0799", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { name: "FEDORA-2015-6695", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { name: "http://advisories.mageia.org/MGASA-2015-0179.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { name: "APPLE-SA-2015-08-13-2", refsource: "APPLE", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "https://support.apple.com/kb/HT205031", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT205031", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { name: "HPSBHF03544", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", refsource: "CONFIRM", tags: [], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { name: "GLSA-201509-02", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/201509-02", }, { name: "74301", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/74301", }, { name: "FEDORA-2015-6712", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { name: "RHSA-2015:1254", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2018-10-30T16:27Z", publishedDate: "2015-04-24T14:59Z", }, }, }
fkie_cve-2015-3148
Vulnerability from fkie_nvd
Published
2015-04-24 14:59
Modified
2024-11-21 02:28
Severity ?
Summary
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C8A2286E-9D1C-4B56-8B40-150201B818AF", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", matchCriteriaId: "0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", matchCriteriaId: "D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", matchCriteriaId: "831B1114-7CA7-43E3-9A15-592218060A1F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", matchCriteriaId: "E8B0A12E-E122-4189-A05E-4FEA43C19876", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", matchCriteriaId: "2E1F9453-1FB6-4CA7-9285-A243E56667B5", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", matchCriteriaId: "F79828BB-2412-46AD-BE3C-A51B48E191AF", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", matchCriteriaId: "72D0F13F-D56F-4C1C-A3CF-2E4E704817CC", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", matchCriteriaId: "90A4F2E2-1B43-470E-8935-CB32F12A0124", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", matchCriteriaId: "797DF5C7-509E-48FD-BD04-C66E01748728", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", matchCriteriaId: "47BD868A-CE3B-4E39-A588-C4EDA3265A71", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", matchCriteriaId: "4A2EE400-1C36-40F4-A9D1-9AB432F168BE", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", matchCriteriaId: "06E3CB14-FB16-4F4E-9AD9-A02DC727FF6D", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", matchCriteriaId: "08DCC42C-C881-4AEA-9348-E8317C54D62B", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", matchCriteriaId: "2BC4EF5A-C8CB-4F33-B4D1-E4192B179D26", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", matchCriteriaId: "81CEF54A-9668-4031-926F-9B978DD5CDF7", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", matchCriteriaId: "45068C90-8915-4D19-B36B-993980E28D08", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", matchCriteriaId: "24543011-2458-47B5-984A-901E70084902", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", matchCriteriaId: "FB482A9C-D577-4AEE-A08F-CAFA6586B51E", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", matchCriteriaId: "65AF9B86-A555-4D5E-B24E-9EBF78BCD8CC", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", matchCriteriaId: "60BBDF07-DB97-433E-B542-EFEBE45550DB", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", matchCriteriaId: "CA8BE3F8-82ED-4DD7-991E-979E950C98B1", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", matchCriteriaId: "738AA231-4694-46E8-B559-1594263A9987", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", matchCriteriaId: "E9E1F171-B887-499A-BF4F-538EBF347811", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", matchCriteriaId: "07AA276A-0EBA-4DC9-951C-8F8159FAC7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", matchCriteriaId: "8DEEF534-9AD2-4439-9D69-E91D062C4647", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", matchCriteriaId: "63643BE1-C978-4CD2-8ED1-2B979DB0676E", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", matchCriteriaId: "F6FA04A0-9258-4654-ABCF-F41340B1FA35", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", matchCriteriaId: "DE829230-AFDB-4131-9C6A-D9D7A66C5B57", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", matchCriteriaId: "B7E8BA30-8087-48D4-AE1B-48326FF826B8", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", matchCriteriaId: "47970EFF-2F51-4875-A6BD-E30614E13278", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", matchCriteriaId: "52C9B668-3204-41C5-A82E-262BDFA541DD", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", matchCriteriaId: "08C8EE1E-E186-42D6-8B12-05865C73F261", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", matchCriteriaId: "EEA3D88B-41B9-4D79-B47D-B3D6058C0C27", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", matchCriteriaId: "C2C80901-D48E-4C2A-9BED-A40007A11C97", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", matchCriteriaId: "331A51E4-AA73-486F-9618-5A83965F2436", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", matchCriteriaId: "EB32DF2C-9208-4853-ADEB-B00D764D7467", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", matchCriteriaId: "E05636DC-7E38-4605-AAB8-81C0AE37520A", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", matchCriteriaId: "624DF2F1-53FD-48D3-B93D-44E99C9C0C5D", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", matchCriteriaId: "F2171C7C-311A-4405-B95F-3A54966FA844", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", matchCriteriaId: "5DE20A41-8B53-46FC-9002-69CC7495171F", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", matchCriteriaId: "87ED9DA0-E880-4CBB-B1AC-5AEE8A004718", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", matchCriteriaId: "5293C7F0-BF9F-4768-889A-876CE78903CC", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", matchCriteriaId: "F3EB41B3-65F3-4B0E-8CCC-325B14AF605B", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", matchCriteriaId: "857B244C-2AFB-40C7-A893-7C6DE9871BCE", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", matchCriteriaId: "B732CE55-820A-40E0-A885-71BBB6CF8C15", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", matchCriteriaId: "0455A5F2-1515-4CD8-BA2F-74D28E91A661", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", matchCriteriaId: "29034B3A-BE9D-4D68-8C56-4465C03C3693", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", matchCriteriaId: "6249538E-FBCB-4130-91FB-DA78D7BA45DE", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", matchCriteriaId: "5E11B8A5-50A2-468F-BFB3-86DD9D28AC73", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", matchCriteriaId: "9EAE25A0-3828-46F1-AB30-88732CBC9F38", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", matchCriteriaId: "1533A85C-2160-445D-8787-E624AEDC5A0C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", matchCriteriaId: "D87B9393-7EA4-43DA-900C-7E840AE2D4C2", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", matchCriteriaId: "7D1249E9-304F-4952-8DAB-8B79CE5E7D54", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", matchCriteriaId: "83FAF953-6A65-4FAB-BDB5-03B468CD1C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", matchCriteriaId: "29F8FF1F-A639-4161-9366-62528AAF4C07", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", matchCriteriaId: "812AB429-379A-4EDE-9664-5BC2989053F6", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", matchCriteriaId: "13DD791F-C4BD-4456-955A-92E84082AA09", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", matchCriteriaId: "4A17E442-45AA-4780-98B4-9BF764DCC1C5", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", matchCriteriaId: "F6AF544C-5F16-4434-B9FB-93B1B7318950", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", matchCriteriaId: "CBFD9ED9-2412-44AE-9C55-0ED03A121B23", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", matchCriteriaId: "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", matchCriteriaId: "9E66A332-ECD1-4452-B444-FB629022FDF0", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", matchCriteriaId: "CDD3D599-35E9-4590-B5E0-3AF04D344695", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", matchCriteriaId: "A3B6BFFB-7967-482C-9B49-4BD25C815299", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", matchCriteriaId: "1791BF6D-2C96-4A6E-90D4-2906A73601F6", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", matchCriteriaId: "260DD751-4145-4B75-B892-5FC932C6A305", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", matchCriteriaId: "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", matchCriteriaId: "3EB1CB85-0A9B-4816-B471-278774EE6D4C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", matchCriteriaId: "3831AB03-4E7E-476D-9623-58AADC188DFE", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", matchCriteriaId: "ABACE305-2F0C-4B59-BC5C-6DF162B450E4", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", matchCriteriaId: "6FAC1B55-F492-484E-B837-E7745682DE0A", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", matchCriteriaId: "E0D57914-B40A-462B-9C78-6433BE2B2DB4", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", matchCriteriaId: "A9A12DF7-62C5-46AD-9236-E2821C64156E", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", matchCriteriaId: "4C43697D-390A-4AC0-A5D8-62B6D22245BF", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", matchCriteriaId: "D52E9E9F-7A35-4CB9-813E-5A1D4A36415C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", matchCriteriaId: "257291FB-969C-4413-BA81-806B5E1B40A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", matchCriteriaId: "D06BF4CE-299F-42E4-BA0A-5D68788C92DF", versionEndIncluding: "7.5.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", matchCriteriaId: "5D65CDC0-580B-42B3-97E8-69BE44CDB68C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", matchCriteriaId: "01001EEA-AB99-4041-8188-38CEBE9C3031", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", matchCriteriaId: "31DB0DA3-88B7-43ED-8102-CEBC28524CE3", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", matchCriteriaId: "87596B6A-A7B3-4256-9982-45D3B6E3E018", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", matchCriteriaId: "0045855F-A707-415A-AC12-6981B68B08E5", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", matchCriteriaId: "B49807DC-0BDA-41F6-BB76-7C62328D245F", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", matchCriteriaId: "0A78B6B8-9F4B-46AC-BB04-7EBADC690CBC", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", matchCriteriaId: "EFE80B46-33F0-4338-AF37-9E7E31FC5E83", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", matchCriteriaId: "DD38D8C6-9EEE-4160-9353-773943A560B0", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", matchCriteriaId: "FD33549E-EFFB-466F-8B47-BE036D454693", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", matchCriteriaId: "16BB71C8-3564-4E69-A2C3-E9AB1F9EF20C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", matchCriteriaId: "4966AA12-15DB-44E5-84AF-9D7AF4A52F86", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", matchCriteriaId: "827B6C8A-59C4-4714-9406-5C8EB5073AB5", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", matchCriteriaId: "93A11305-E4FF-473B-9415-AF1F0E7A27D9", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", matchCriteriaId: "8444095B-AF8F-42B5-BD4D-9CBE9238E42D", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", matchCriteriaId: "C22F23AE-02AB-42F0-AA16-D2F8C94E5DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", matchCriteriaId: "B33DE520-BD2A-4499-B1F8-1439AE16AB57", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", matchCriteriaId: "041FCB20-E74F-4550-AC48-EE4E5875E118", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", matchCriteriaId: "D16DBA5E-582F-4648-932E-8A1EFB7FE3D3", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", matchCriteriaId: "A25323F4-7C67-4097-AD53-A6B9E6D96BA2", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", matchCriteriaId: "36919682-F59E-4EC0-886C-AE967F636753", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", matchCriteriaId: "B45AF234-3651-4367-BFEF-8766F66FB138", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", matchCriteriaId: "E46A9126-A02E-44CD-885D-0956E0C87C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", matchCriteriaId: "91E9C756-7FE3-4197-8C18-99CD1F49B0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", matchCriteriaId: "88806B7D-5EFE-4F91-B115-732882D2C126", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", matchCriteriaId: "5BB9E8AB-B3EC-4743-B39B-7325EEB17233", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", matchCriteriaId: "5030FBB0-C95B-4ADE-BFC2-CCA37AAD019B", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", matchCriteriaId: "5513618A-6770-4292-95D1-68F55D8343CD", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", matchCriteriaId: "7494C01F-E9EC-406E-879A-B2045865E282", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", matchCriteriaId: "7DD9F894-4576-4ED1-9F55-4C27ECE7E058", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", matchCriteriaId: "49AFACAC-BBAF-469B-BF05-0478E987120F", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", matchCriteriaId: "6A136E86-0697-4915-BC49-F570C776EDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", matchCriteriaId: "ECB241AF-A01D-4FD6-B98A-F4C20F844C2F", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B61901-F7DF-4805-8EB7-CA1701CA81CE", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", matchCriteriaId: "EB0CDEC9-224A-4668-B2E4-2145653E3F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", matchCriteriaId: "E92BE9CB-F001-47A0-94E0-48FC01A63FE5", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", matchCriteriaId: "324E2A20-2F66-4E03-9A7F-A09E631E9033", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", matchCriteriaId: "C8987B53-BD80-40B9-8429-21AD97208040", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", matchCriteriaId: "490D1BDC-33B9-43BA-B6DA-42DEE577082A", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", matchCriteriaId: "B465BE7E-0B4D-4BC4-894B-3F51A201CE91", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA17087-3021-4961-B53C-CDCC872A31A2", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", matchCriteriaId: "E5CA3936-4602-40E6-B75C-58D3F24268E9", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", matchCriteriaId: "D87C110C-21DD-438A-90EF-BE516CF59F3C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", matchCriteriaId: "AD2D9E0E-2EED-4FB5-859C-05226FC48D7E", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", matchCriteriaId: "7CA01E21-71CE-4B07-B5A6-D0D7AC493A5D", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", matchCriteriaId: "51239254-31CE-4BF7-8669-1525BA391362", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", matchCriteriaId: "2E2BE20D-232D-4C86-81B0-C82CCC1CAA62", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", matchCriteriaId: "D652FD7C-1521-4391-AAE1-0A4D6F4CE8F8", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", matchCriteriaId: "DB861143-F809-45CF-95BE-E64F4BA1A0DC", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", matchCriteriaId: "E3480F4A-0AE0-4428-9EDA-5A6B994909A7", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", matchCriteriaId: "936BF59E-33A8-46BA-9FBD-8763812E2F10", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", matchCriteriaId: "33168C81-6DAE-40D6-9693-68390CD71DA9", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", matchCriteriaId: "424F9604-AA9A-4D45-A521-0BDEDB723659", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", matchCriteriaId: "DC6EBCEB-E52C-4FF5-B15A-6960F58090EA", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", matchCriteriaId: "D204E994-4591-403C-8EF3-D3B7BF4AA1A6", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", matchCriteriaId: "EBF5418D-1162-4B1E-BC3D-06A3E084BEFB", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", matchCriteriaId: "1CA65F31-3D54-4F66-A0A3-2BD993FF38F7", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", matchCriteriaId: "41ACC9FE-62FF-424B-B4B8-B033FEAF7686", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", matchCriteriaId: "F8BC39E9-5945-4DC8-ACA8-1C9918D9F279", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", matchCriteriaId: "B9658447-FBB0-4DEA-8FEE-BD4D3D1BF7FF", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", matchCriteriaId: "5ECABFCB-0D02-4B5B-BB35-C6B3C0896348", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", matchCriteriaId: "5A5176F0-E62F-46FF-B536-DC0680696773", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", matchCriteriaId: "506A3761-3D24-43DB-88D8-4EB5B9E8BA5C", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", matchCriteriaId: "0B6EF8B0-0E86-449C-A500-ACD902A78C7F", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", matchCriteriaId: "4D558CC2-0146-4887-834E-19FCB1D512A3", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", matchCriteriaId: "6931764D-16AB-4546-9CE3-5B4E03BC984A", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", matchCriteriaId: "6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", matchCriteriaId: "B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", matchCriteriaId: "EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", matchCriteriaId: "3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", matchCriteriaId: "5DEBBFCA-6A18-4F8F-B841-50255C952FA0", vulnerable: true, }, { criteria: "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", matchCriteriaId: "FEEAE437-A645-468B-B283-44799658F534", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", }, { lang: "es", value: "cURL y libcurl 7.10.6 hasta la versión 7.41.0 no reutiliza adecuadamente la conexiones Negotiate autenticadas, lo que permite a atacantes remotos conectarse como otros usuarios a través de una solicitud.", }, ], id: "CVE-2015-3148", lastModified: "2024-11-21T02:28:46.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-04-24T14:59:11.000", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { source: "secalert@redhat.com", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3232", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/74301", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1032232", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2591-1", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/201509-02", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT205031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/74301", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1032232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2591-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201509-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT205031", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
rhsa-2015_1254
Vulnerability from csaf_redhat
Published
2015-07-20 13:50
Modified
2024-11-22 08:47
Summary
Red Hat Security Advisory: curl security, bug fix, and enhancement update
Notes
Topic
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl to access a specially crafted URL via an HTTP
proxy could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available
with libcurl. Attackers could abuse the fallback to force downgrade of the
SSL version. The fallback has been removed from libcurl. Users requiring
this functionality can explicitly enable SSLv3.0 through the libcurl API.
(BZ#1154059)
* A single upload transfer through the FILE protocol opened the destination
file twice. If the inotify kernel subsystem monitored the file, two events
were produced unnecessarily. The file is now opened only once per upload.
(BZ#883002)
* Utilities using libcurl for SCP/SFTP transfers could terminate
unexpectedly when the system was running in FIPS mode. (BZ#1008178)
* Using the "--retry" option with the curl utility could cause curl to
terminate unexpectedly with a segmentation fault. Now, adding "--retry" no
longer causes curl to crash. (BZ#1009455)
* The "curl --trace-time" command did not use the correct local time when
printing timestamps. Now, "curl --trace-time" works as expected.
(BZ#1120196)
* The valgrind utility could report dynamically allocated memory leaks on
curl exit. Now, curl performs a global shutdown of the NetScape Portable
Runtime (NSPR) library on exit, and valgrind no longer reports the memory
leaks. (BZ#1146528)
* Previously, libcurl returned an incorrect value of the
CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to
the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for
specifying the minor version of the TLS protocol to be negotiated by NSS.
The "--tlsv1" option now negotiates the highest version of the TLS protocol
supported by both the client and the server. (BZ#1012136)
* It is now possible to explicitly enable or disable the ECC and the new
AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API.\n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. The file is now opened only once per upload.\n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS.\nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:1254", url: "https://access.redhat.com/errata/RHSA-2015:1254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "835898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=835898", }, { category: "external", summary: "883002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883002", }, { category: "external", summary: "997185", url: "https://bugzilla.redhat.com/show_bug.cgi?id=997185", }, { category: "external", summary: "1008178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1008178", }, { category: "external", summary: "1011083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1011083", }, { category: "external", summary: "1011101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1011101", }, { category: "external", summary: "1058767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1058767", }, { category: "external", summary: "1104160", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1104160", }, { category: "external", summary: "1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "1154059", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154059", }, { category: "external", summary: "1154747", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154747", }, { category: "external", summary: "1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "1156422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1156422", }, { category: "external", summary: "1161163", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161163", }, { category: "external", summary: "1168137", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168137", }, { category: "external", summary: "1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1254.json", }, ], title: "Red Hat Security Advisory: curl security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T08:47:34+00:00", generator: { date: "2024-11-22T08:47:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:1254", initial_release_date: "2015-07-20T13:50:03+00:00", revision_history: [ { date: "2015-07-20T13:50:03+00:00", number: "1", summary: "Initial version", }, { date: "2015-07-20T13:50:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T08:47:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.i686", product: { name: "libcurl-devel-0:7.19.7-46.el6.i686", product_id: "libcurl-devel-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.i686", product: { name: "libcurl-0:7.19.7-46.el6.i686", product_id: "libcurl-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.i686", product: { name: "curl-debuginfo-0:7.19.7-46.el6.i686", product_id: "curl-debuginfo-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.i686", product: { name: "curl-0:7.19.7-46.el6.i686", product_id: "curl-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product_id: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.x86_64", product: { name: "curl-0:7.19.7-46.el6.x86_64", product_id: "curl-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.x86_64", product: { name: "libcurl-0:7.19.7-46.el6.x86_64", product_id: "libcurl-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.x86_64", product: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64", product_id: "libcurl-devel-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "curl-0:7.19.7-46.el6.src", product: { name: "curl-0:7.19.7-46.el6.src", product_id: "curl-0:7.19.7-46.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.s390", product: { name: "curl-debuginfo-0:7.19.7-46.el6.s390", product_id: "curl-debuginfo-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=s390", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.s390", product: { name: "libcurl-0:7.19.7-46.el6.s390", product_id: "libcurl-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=s390", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.s390", product: { name: "libcurl-devel-0:7.19.7-46.el6.s390", product_id: "libcurl-devel-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.s390x", product: { name: "libcurl-devel-0:7.19.7-46.el6.s390x", product_id: "libcurl-devel-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.s390x", product: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x", product_id: "curl-debuginfo-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.s390x", product: { name: "curl-0:7.19.7-46.el6.s390x", product_id: "curl-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.s390x", product: { name: "libcurl-0:7.19.7-46.el6.s390x", product_id: "libcurl-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.ppc", product: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc", product_id: "curl-debuginfo-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.ppc", product: { name: "libcurl-devel-0:7.19.7-46.el6.ppc", product_id: "libcurl-devel-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.ppc", product: { name: "libcurl-0:7.19.7-46.el6.ppc", product_id: "libcurl-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product_id: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.ppc64", product: { name: "curl-0:7.19.7-46.el6.ppc64", product_id: "curl-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.ppc64", product: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64", product_id: "libcurl-devel-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.ppc64", product: { name: "libcurl-0:7.19.7-46.el6.ppc64", product_id: "libcurl-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Tim Ruehsen", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3613", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2014-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1136154", }, ], notes: [ { category: "description", text: "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handling of IP addresses in cookie domain", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\n\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "RHBZ#1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3613", url: "https://www.cve.org/CVERecord?id=CVE-2014-3613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20140910A.html", url: "http://curl.haxx.se/docs/adv_20140910A.html", }, ], release_date: "2014-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handling of IP addresses in cookie domain", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Symeon Paraschoudis", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3707", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2014-10-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1154941", }, ], notes: [ { category: "description", text: "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handle duplication after COPYPOSTFIELDS", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\n\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3707", }, { category: "external", summary: "RHBZ#1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3707", url: "https://www.cve.org/CVERecord?id=CVE-2014-3707", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20141105.html", url: "http://curl.haxx.se/docs/adv_20141105.html", }, ], release_date: "2014-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handle duplication after COPYPOSTFIELDS", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Andrey Labunets", ], organization: "Facebook", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-8150", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2015-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1178692", }, ], notes: [ { category: "description", text: "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL request injection vulnerability in parseurlandfillconn()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "RHBZ#1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-8150", url: "https://www.cve.org/CVERecord?id=CVE-2014-8150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150108B.html", url: "http://curl.haxx.se/docs/adv_20150108B.html", }, ], release_date: "2015-01-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: URL request injection vulnerability in parseurlandfillconn()", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Paras Sethia", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3143", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213306", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "curl: re-using authenticated connection when unauthenticated", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "RHBZ#1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3143", url: "https://www.cve.org/CVERecord?id=CVE-2015-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422A.html", url: "http://curl.haxx.se/docs/adv_20150422A.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: re-using authenticated connection when unauthenticated", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Isaac Boukris", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3148", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213351", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.", title: "Vulnerability description", }, { category: "summary", text: "curl: Negotiate not treated as connection-oriented", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "RHBZ#1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3148", url: "https://www.cve.org/CVERecord?id=CVE-2015-3148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422B.html", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Negotiate not treated as connection-oriented", }, ], }
RHSA-2015:1254
Vulnerability from csaf_redhat
Published
2015-07-20 13:50
Modified
2024-11-22 08:47
Summary
Red Hat Security Advisory: curl security, bug fix, and enhancement update
Notes
Topic
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl to access a specially crafted URL via an HTTP
proxy could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available
with libcurl. Attackers could abuse the fallback to force downgrade of the
SSL version. The fallback has been removed from libcurl. Users requiring
this functionality can explicitly enable SSLv3.0 through the libcurl API.
(BZ#1154059)
* A single upload transfer through the FILE protocol opened the destination
file twice. If the inotify kernel subsystem monitored the file, two events
were produced unnecessarily. The file is now opened only once per upload.
(BZ#883002)
* Utilities using libcurl for SCP/SFTP transfers could terminate
unexpectedly when the system was running in FIPS mode. (BZ#1008178)
* Using the "--retry" option with the curl utility could cause curl to
terminate unexpectedly with a segmentation fault. Now, adding "--retry" no
longer causes curl to crash. (BZ#1009455)
* The "curl --trace-time" command did not use the correct local time when
printing timestamps. Now, "curl --trace-time" works as expected.
(BZ#1120196)
* The valgrind utility could report dynamically allocated memory leaks on
curl exit. Now, curl performs a global shutdown of the NetScape Portable
Runtime (NSPR) library on exit, and valgrind no longer reports the memory
leaks. (BZ#1146528)
* Previously, libcurl returned an incorrect value of the
CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to
the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for
specifying the minor version of the TLS protocol to be negotiated by NSS.
The "--tlsv1" option now negotiates the highest version of the TLS protocol
supported by both the client and the server. (BZ#1012136)
* It is now possible to explicitly enable or disable the ECC and the new
AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API.\n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. The file is now opened only once per upload.\n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS.\nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:1254", url: "https://access.redhat.com/errata/RHSA-2015:1254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "835898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=835898", }, { category: "external", summary: "883002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883002", }, { category: "external", summary: "997185", url: "https://bugzilla.redhat.com/show_bug.cgi?id=997185", }, { category: "external", summary: "1008178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1008178", }, { category: "external", summary: "1011083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1011083", }, { category: "external", summary: "1011101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1011101", }, { category: "external", summary: "1058767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1058767", }, { category: "external", summary: "1104160", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1104160", }, { category: "external", summary: "1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "1154059", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154059", }, { category: "external", summary: "1154747", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154747", }, { category: "external", summary: "1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "1156422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1156422", }, { category: "external", summary: "1161163", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161163", }, { category: "external", summary: "1168137", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168137", }, { category: "external", summary: "1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1254.json", }, ], title: "Red Hat Security Advisory: curl security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T08:47:34+00:00", generator: { date: "2024-11-22T08:47:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:1254", initial_release_date: "2015-07-20T13:50:03+00:00", revision_history: [ { date: "2015-07-20T13:50:03+00:00", number: "1", summary: "Initial version", }, { date: "2015-07-20T13:50:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T08:47:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.i686", product: { name: "libcurl-devel-0:7.19.7-46.el6.i686", product_id: "libcurl-devel-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.i686", product: { name: "libcurl-0:7.19.7-46.el6.i686", product_id: "libcurl-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.i686", product: { name: "curl-debuginfo-0:7.19.7-46.el6.i686", product_id: "curl-debuginfo-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.i686", product: { name: "curl-0:7.19.7-46.el6.i686", product_id: "curl-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product_id: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.x86_64", product: { name: "curl-0:7.19.7-46.el6.x86_64", product_id: "curl-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.x86_64", product: { name: "libcurl-0:7.19.7-46.el6.x86_64", product_id: "libcurl-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.x86_64", product: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64", product_id: "libcurl-devel-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "curl-0:7.19.7-46.el6.src", product: { name: "curl-0:7.19.7-46.el6.src", product_id: "curl-0:7.19.7-46.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.s390", product: { name: "curl-debuginfo-0:7.19.7-46.el6.s390", product_id: "curl-debuginfo-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=s390", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.s390", product: { name: "libcurl-0:7.19.7-46.el6.s390", product_id: "libcurl-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=s390", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.s390", product: { name: "libcurl-devel-0:7.19.7-46.el6.s390", product_id: "libcurl-devel-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.s390x", product: { name: "libcurl-devel-0:7.19.7-46.el6.s390x", product_id: "libcurl-devel-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.s390x", product: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x", product_id: "curl-debuginfo-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.s390x", product: { name: "curl-0:7.19.7-46.el6.s390x", product_id: "curl-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.s390x", product: { name: "libcurl-0:7.19.7-46.el6.s390x", product_id: "libcurl-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.ppc", product: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc", product_id: "curl-debuginfo-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.ppc", product: { name: "libcurl-devel-0:7.19.7-46.el6.ppc", product_id: "libcurl-devel-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.ppc", product: { name: "libcurl-0:7.19.7-46.el6.ppc", product_id: "libcurl-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product_id: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.ppc64", product: { name: "curl-0:7.19.7-46.el6.ppc64", product_id: "curl-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.ppc64", product: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64", product_id: "libcurl-devel-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.ppc64", product: { name: "libcurl-0:7.19.7-46.el6.ppc64", product_id: "libcurl-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Tim Ruehsen", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3613", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2014-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1136154", }, ], notes: [ { category: "description", text: "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handling of IP addresses in cookie domain", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\n\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "RHBZ#1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3613", url: "https://www.cve.org/CVERecord?id=CVE-2014-3613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20140910A.html", url: "http://curl.haxx.se/docs/adv_20140910A.html", }, ], release_date: "2014-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handling of IP addresses in cookie domain", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Symeon Paraschoudis", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3707", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2014-10-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1154941", }, ], notes: [ { category: "description", text: "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handle duplication after COPYPOSTFIELDS", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\n\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3707", }, { category: "external", summary: "RHBZ#1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3707", url: "https://www.cve.org/CVERecord?id=CVE-2014-3707", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20141105.html", url: "http://curl.haxx.se/docs/adv_20141105.html", }, ], release_date: "2014-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handle duplication after COPYPOSTFIELDS", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Andrey Labunets", ], organization: "Facebook", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-8150", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2015-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1178692", }, ], notes: [ { category: "description", text: "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL request injection vulnerability in parseurlandfillconn()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "RHBZ#1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-8150", url: "https://www.cve.org/CVERecord?id=CVE-2014-8150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150108B.html", url: "http://curl.haxx.se/docs/adv_20150108B.html", }, ], release_date: "2015-01-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: URL request injection vulnerability in parseurlandfillconn()", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Paras Sethia", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3143", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213306", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "curl: re-using authenticated connection when unauthenticated", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "RHBZ#1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3143", url: "https://www.cve.org/CVERecord?id=CVE-2015-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422A.html", url: "http://curl.haxx.se/docs/adv_20150422A.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: re-using authenticated connection when unauthenticated", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Isaac Boukris", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3148", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213351", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.", title: "Vulnerability description", }, { category: "summary", text: "curl: Negotiate not treated as connection-oriented", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "RHBZ#1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3148", url: "https://www.cve.org/CVERecord?id=CVE-2015-3148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422B.html", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Negotiate not treated as connection-oriented", }, ], }
rhsa-2015_2159
Vulnerability from csaf_redhat
Published
2015-11-19 03:26
Modified
2024-11-22 08:47
Summary
Red Hat Security Advisory: curl security, bug fix, and enhancement update
Notes
Topic
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP proxy
could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL 3.0 was available with libcurl.
Attackers could abuse the fallback to force downgrade of the SSL version.
The fallback has been removed from libcurl. Users requiring this
functionality can explicitly enable SSL 3.0 through the libcurl API.
(BZ#1154060)
* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can
explicitly disable them through the libcurl API. (BZ#1170339)
* FTP operations such as downloading files took a significantly long time
to complete. Now, the FTP implementation in libcurl correctly sets blocking
direction and estimated timeout for connections, resulting in faster FTP
transfers. (BZ#1218272)
Enhancements:
* With the updated packages, it is possible to explicitly enable or disable
new Advanced Encryption Standard (AES) cipher suites to be used for the TLS
protocol. (BZ#1066065)
* The libcurl library did not implement a non-blocking SSL handshake, which
negatively affected performance of applications based on the libcurl multi
API. The non-blocking SSL handshake has been implemented in libcurl, and
the libcurl multi API now immediately returns the control back to the
application whenever it cannot read or write data from or to the underlying
network socket. (BZ#1091429)
* The libcurl library used an unnecessarily long blocking delay for actions
with no active file descriptors, even for short operations. Some actions,
such as resolving a host name using /etc/hosts, took a long time to
complete. The blocking code in libcurl has been modified so that the
initial delay is short and gradually increases until an event occurs.
(BZ#1130239)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP proxy\ncould use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes:\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL version.\nThe fallback has been removed from libcurl. Users requiring this\nfunctionality can explicitly enable SSL 3.0 through the libcurl API.\n(BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can\nexplicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time\nto complete. Now, the FTP implementation in libcurl correctly sets blocking\ndirection and estimated timeout for connections, resulting in faster FTP\ntransfers. (BZ#1218272)\n\nEnhancements:\n\n* With the updated packages, it is possible to explicitly enable or disable\nnew Advanced Encryption Standard (AES) cipher suites to be used for the TLS\nprotocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which\nnegatively affected performance of applications based on the libcurl multi\nAPI. The non-blocking SSL handshake has been implemented in libcurl, and\nthe libcurl multi API now immediately returns the control back to the\napplication whenever it cannot read or write data from or to the underlying\nnetwork socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions\nwith no active file descriptors, even for short operations. Some actions,\nsuch as resolving a host name using /etc/hosts, took a long time to\ncomplete. The blocking code in libcurl has been modified so that the\ninitial delay is short and gradually increases until an event occurs.\n(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:2159", url: "https://access.redhat.com/errata/RHSA-2015:2159", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1130239", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1130239", }, { category: "external", summary: "1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "1154060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154060", }, { category: "external", summary: "1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "1161182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161182", }, { category: "external", summary: "1166264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1166264", }, { category: "external", summary: "1170339", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170339", }, { category: "external", summary: "1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "1218272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1218272", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2159.json", }, ], title: "Red Hat Security Advisory: curl security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T08:47:38+00:00", generator: { date: "2024-11-22T08:47:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:2159", initial_release_date: "2015-11-19T03:26:18+00:00", revision_history: [ { date: "2015-11-19T03:26:18+00:00", number: "1", summary: "Initial version", }, { date: "2015-11-19T03:26:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T08:47:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product_id: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.x86_64", product: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64", product_id: "libcurl-devel-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.x86_64", product: { name: "curl-0:7.29.0-25.el7.x86_64", product_id: "curl-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.x86_64", product: { name: "libcurl-0:7.29.0-25.el7.x86_64", product_id: "libcurl-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.i686", product: { name: "libcurl-devel-0:7.29.0-25.el7.i686", product_id: "libcurl-devel-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.i686", product: { name: "curl-debuginfo-0:7.29.0-25.el7.i686", product_id: "curl-debuginfo-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.i686", product: { name: "libcurl-0:7.29.0-25.el7.i686", product_id: "libcurl-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "curl-0:7.29.0-25.el7.src", product: { name: "curl-0:7.29.0-25.el7.src", product_id: "curl-0:7.29.0-25.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc64", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.ppc64", product: { name: "curl-0:7.29.0-25.el7.ppc64", product_id: "curl-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc64", product: { name: "libcurl-0:7.29.0-25.el7.ppc64", product_id: "libcurl-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc", product: { name: "libcurl-0:7.29.0-25.el7.ppc", product_id: "libcurl-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.s390x", product: { name: "libcurl-devel-0:7.29.0-25.el7.s390x", product_id: "libcurl-devel-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.s390x", product: { name: "libcurl-0:7.29.0-25.el7.s390x", product_id: "libcurl-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.s390x", product: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x", product_id: "curl-debuginfo-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.s390x", product: { name: "curl-0:7.29.0-25.el7.s390x", product_id: "curl-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.s390", product: { name: "libcurl-devel-0:7.29.0-25.el7.s390", product_id: "libcurl-devel-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=s390", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.s390", product: { name: "curl-debuginfo-0:7.29.0-25.el7.s390", product_id: "curl-debuginfo-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=s390", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.s390", product: { name: "libcurl-0:7.29.0-25.el7.s390", product_id: "libcurl-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc64le", product: { name: "libcurl-0:7.29.0-25.el7.ppc64le", product_id: "libcurl-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.ppc64le", product: { name: "curl-0:7.29.0-25.el7.ppc64le", product_id: "curl-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.aarch64", product: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64", product_id: "libcurl-devel-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.aarch64", product: { name: "curl-0:7.29.0-25.el7.aarch64", product_id: "curl-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.aarch64", product: { name: "libcurl-0:7.29.0-25.el7.aarch64", product_id: "libcurl-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product_id: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Tim Ruehsen", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3613", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2014-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1136154", }, ], notes: [ { category: "description", text: "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handling of IP addresses in cookie domain", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\n\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "RHBZ#1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3613", url: "https://www.cve.org/CVERecord?id=CVE-2014-3613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20140910A.html", url: "http://curl.haxx.se/docs/adv_20140910A.html", }, ], release_date: "2014-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handling of IP addresses in cookie domain", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Symeon Paraschoudis", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3707", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2014-10-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1154941", }, ], notes: [ { category: "description", text: "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handle duplication after COPYPOSTFIELDS", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\n\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3707", }, { category: "external", summary: "RHBZ#1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3707", url: "https://www.cve.org/CVERecord?id=CVE-2014-3707", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20141105.html", url: "http://curl.haxx.se/docs/adv_20141105.html", }, ], release_date: "2014-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handle duplication after COPYPOSTFIELDS", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Andrey Labunets", ], organization: "Facebook", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-8150", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2015-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1178692", }, ], notes: [ { category: "description", text: "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL request injection vulnerability in parseurlandfillconn()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "RHBZ#1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-8150", url: "https://www.cve.org/CVERecord?id=CVE-2014-8150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150108B.html", url: "http://curl.haxx.se/docs/adv_20150108B.html", }, ], release_date: "2015-01-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: URL request injection vulnerability in parseurlandfillconn()", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Paras Sethia", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3143", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213306", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "curl: re-using authenticated connection when unauthenticated", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "RHBZ#1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3143", url: "https://www.cve.org/CVERecord?id=CVE-2015-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422A.html", url: "http://curl.haxx.se/docs/adv_20150422A.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: re-using authenticated connection when unauthenticated", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Isaac Boukris", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3148", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213351", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.", title: "Vulnerability description", }, { category: "summary", text: "curl: Negotiate not treated as connection-oriented", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "RHBZ#1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3148", url: "https://www.cve.org/CVERecord?id=CVE-2015-3148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422B.html", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Negotiate not treated as connection-oriented", }, ], }
RHSA-2015:2159
Vulnerability from csaf_redhat
Published
2015-11-19 03:26
Modified
2024-11-22 08:47
Summary
Red Hat Security Advisory: curl security, bug fix, and enhancement update
Notes
Topic
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP proxy
could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL 3.0 was available with libcurl.
Attackers could abuse the fallback to force downgrade of the SSL version.
The fallback has been removed from libcurl. Users requiring this
functionality can explicitly enable SSL 3.0 through the libcurl API.
(BZ#1154060)
* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can
explicitly disable them through the libcurl API. (BZ#1170339)
* FTP operations such as downloading files took a significantly long time
to complete. Now, the FTP implementation in libcurl correctly sets blocking
direction and estimated timeout for connections, resulting in faster FTP
transfers. (BZ#1218272)
Enhancements:
* With the updated packages, it is possible to explicitly enable or disable
new Advanced Encryption Standard (AES) cipher suites to be used for the TLS
protocol. (BZ#1066065)
* The libcurl library did not implement a non-blocking SSL handshake, which
negatively affected performance of applications based on the libcurl multi
API. The non-blocking SSL handshake has been implemented in libcurl, and
the libcurl multi API now immediately returns the control back to the
application whenever it cannot read or write data from or to the underlying
network socket. (BZ#1091429)
* The libcurl library used an unnecessarily long blocking delay for actions
with no active file descriptors, even for short operations. Some actions,
such as resolving a host name using /etc/hosts, took a long time to
complete. The blocking code in libcurl has been modified so that the
initial delay is short and gradually increases until an event occurs.
(BZ#1130239)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP proxy\ncould use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes:\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL version.\nThe fallback has been removed from libcurl. Users requiring this\nfunctionality can explicitly enable SSL 3.0 through the libcurl API.\n(BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can\nexplicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time\nto complete. Now, the FTP implementation in libcurl correctly sets blocking\ndirection and estimated timeout for connections, resulting in faster FTP\ntransfers. (BZ#1218272)\n\nEnhancements:\n\n* With the updated packages, it is possible to explicitly enable or disable\nnew Advanced Encryption Standard (AES) cipher suites to be used for the TLS\nprotocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which\nnegatively affected performance of applications based on the libcurl multi\nAPI. The non-blocking SSL handshake has been implemented in libcurl, and\nthe libcurl multi API now immediately returns the control back to the\napplication whenever it cannot read or write data from or to the underlying\nnetwork socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions\nwith no active file descriptors, even for short operations. Some actions,\nsuch as resolving a host name using /etc/hosts, took a long time to\ncomplete. The blocking code in libcurl has been modified so that the\ninitial delay is short and gradually increases until an event occurs.\n(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:2159", url: "https://access.redhat.com/errata/RHSA-2015:2159", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1130239", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1130239", }, { category: "external", summary: "1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "1154060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154060", }, { category: "external", summary: "1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "1161182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161182", }, { category: "external", summary: "1166264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1166264", }, { category: "external", summary: "1170339", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170339", }, { category: "external", summary: "1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "1218272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1218272", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2159.json", }, ], title: "Red Hat Security Advisory: curl security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T08:47:38+00:00", generator: { date: "2024-11-22T08:47:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:2159", initial_release_date: "2015-11-19T03:26:18+00:00", revision_history: [ { date: "2015-11-19T03:26:18+00:00", number: "1", summary: "Initial version", }, { date: "2015-11-19T03:26:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T08:47:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product_id: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.x86_64", product: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64", product_id: "libcurl-devel-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.x86_64", product: { name: "curl-0:7.29.0-25.el7.x86_64", product_id: "curl-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.x86_64", product: { name: "libcurl-0:7.29.0-25.el7.x86_64", product_id: "libcurl-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.i686", product: { name: "libcurl-devel-0:7.29.0-25.el7.i686", product_id: "libcurl-devel-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.i686", product: { name: "curl-debuginfo-0:7.29.0-25.el7.i686", product_id: "curl-debuginfo-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.i686", product: { name: "libcurl-0:7.29.0-25.el7.i686", product_id: "libcurl-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "curl-0:7.29.0-25.el7.src", product: { name: "curl-0:7.29.0-25.el7.src", product_id: "curl-0:7.29.0-25.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc64", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.ppc64", product: { name: "curl-0:7.29.0-25.el7.ppc64", product_id: "curl-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc64", product: { name: "libcurl-0:7.29.0-25.el7.ppc64", product_id: "libcurl-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc", product: { name: "libcurl-0:7.29.0-25.el7.ppc", product_id: "libcurl-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.s390x", product: { name: "libcurl-devel-0:7.29.0-25.el7.s390x", product_id: "libcurl-devel-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.s390x", product: { name: "libcurl-0:7.29.0-25.el7.s390x", product_id: "libcurl-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.s390x", product: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x", product_id: "curl-debuginfo-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.s390x", product: { name: "curl-0:7.29.0-25.el7.s390x", product_id: "curl-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.s390", product: { name: "libcurl-devel-0:7.29.0-25.el7.s390", product_id: "libcurl-devel-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=s390", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.s390", product: { name: "curl-debuginfo-0:7.29.0-25.el7.s390", product_id: "curl-debuginfo-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=s390", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.s390", product: { name: "libcurl-0:7.29.0-25.el7.s390", product_id: "libcurl-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc64le", product: { name: "libcurl-0:7.29.0-25.el7.ppc64le", product_id: "libcurl-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.ppc64le", product: { name: "curl-0:7.29.0-25.el7.ppc64le", product_id: "curl-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.aarch64", product: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64", product_id: "libcurl-devel-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.aarch64", product: { name: "curl-0:7.29.0-25.el7.aarch64", product_id: "curl-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.aarch64", product: { name: "libcurl-0:7.29.0-25.el7.aarch64", product_id: "libcurl-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product_id: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Tim Ruehsen", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3613", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2014-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1136154", }, ], notes: [ { category: "description", text: "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handling of IP addresses in cookie domain", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\n\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "RHBZ#1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3613", url: "https://www.cve.org/CVERecord?id=CVE-2014-3613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20140910A.html", url: "http://curl.haxx.se/docs/adv_20140910A.html", }, ], release_date: "2014-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handling of IP addresses in cookie domain", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Symeon Paraschoudis", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3707", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2014-10-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1154941", }, ], notes: [ { category: "description", text: "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handle duplication after COPYPOSTFIELDS", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\n\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3707", }, { category: "external", summary: "RHBZ#1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3707", url: "https://www.cve.org/CVERecord?id=CVE-2014-3707", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20141105.html", url: "http://curl.haxx.se/docs/adv_20141105.html", }, ], release_date: "2014-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handle duplication after COPYPOSTFIELDS", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Andrey Labunets", ], organization: "Facebook", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-8150", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2015-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1178692", }, ], notes: [ { category: "description", text: "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL request injection vulnerability in parseurlandfillconn()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "RHBZ#1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-8150", url: "https://www.cve.org/CVERecord?id=CVE-2014-8150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150108B.html", url: "http://curl.haxx.se/docs/adv_20150108B.html", }, ], release_date: "2015-01-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: URL request injection vulnerability in parseurlandfillconn()", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Paras Sethia", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3143", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213306", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "curl: re-using authenticated connection when unauthenticated", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "RHBZ#1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3143", url: "https://www.cve.org/CVERecord?id=CVE-2015-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422A.html", url: "http://curl.haxx.se/docs/adv_20150422A.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: re-using authenticated connection when unauthenticated", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Isaac Boukris", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3148", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213351", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.", title: "Vulnerability description", }, { category: "summary", text: "curl: Negotiate not treated as connection-oriented", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "RHBZ#1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3148", url: "https://www.cve.org/CVERecord?id=CVE-2015-3148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422B.html", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Negotiate not treated as connection-oriented", }, ], }
rhsa-2015:2159
Vulnerability from csaf_redhat
Published
2015-11-19 03:26
Modified
2024-11-22 08:47
Summary
Red Hat Security Advisory: curl security, bug fix, and enhancement update
Notes
Topic
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP proxy
could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL 3.0 was available with libcurl.
Attackers could abuse the fallback to force downgrade of the SSL version.
The fallback has been removed from libcurl. Users requiring this
functionality can explicitly enable SSL 3.0 through the libcurl API.
(BZ#1154060)
* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can
explicitly disable them through the libcurl API. (BZ#1170339)
* FTP operations such as downloading files took a significantly long time
to complete. Now, the FTP implementation in libcurl correctly sets blocking
direction and estimated timeout for connections, resulting in faster FTP
transfers. (BZ#1218272)
Enhancements:
* With the updated packages, it is possible to explicitly enable or disable
new Advanced Encryption Standard (AES) cipher suites to be used for the TLS
protocol. (BZ#1066065)
* The libcurl library did not implement a non-blocking SSL handshake, which
negatively affected performance of applications based on the libcurl multi
API. The non-blocking SSL handshake has been implemented in libcurl, and
the libcurl multi API now immediately returns the control back to the
application whenever it cannot read or write data from or to the underlying
network socket. (BZ#1091429)
* The libcurl library used an unnecessarily long blocking delay for actions
with no active file descriptors, even for short operations. Some actions,
such as resolving a host name using /etc/hosts, took a long time to
complete. The blocking code in libcurl has been modified so that the
initial delay is short and gradually increases until an event occurs.
(BZ#1130239)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl access a specially crafted URL via an HTTP proxy\ncould use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes:\n\n* An out-of-protocol fallback to SSL 3.0 was available with libcurl.\nAttackers could abuse the fallback to force downgrade of the SSL version.\nThe fallback has been removed from libcurl. Users requiring this\nfunctionality can explicitly enable SSL 3.0 through the libcurl API.\n(BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can\nexplicitly disable them through the libcurl API. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time\nto complete. Now, the FTP implementation in libcurl correctly sets blocking\ndirection and estimated timeout for connections, resulting in faster FTP\ntransfers. (BZ#1218272)\n\nEnhancements:\n\n* With the updated packages, it is possible to explicitly enable or disable\nnew Advanced Encryption Standard (AES) cipher suites to be used for the TLS\nprotocol. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which\nnegatively affected performance of applications based on the libcurl multi\nAPI. The non-blocking SSL handshake has been implemented in libcurl, and\nthe libcurl multi API now immediately returns the control back to the\napplication whenever it cannot read or write data from or to the underlying\nnetwork socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions\nwith no active file descriptors, even for short operations. Some actions,\nsuch as resolving a host name using /etc/hosts, took a long time to\ncomplete. The blocking code in libcurl has been modified so that the\ninitial delay is short and gradually increases until an event occurs.\n(BZ#1130239)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:2159", url: "https://access.redhat.com/errata/RHSA-2015:2159", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1130239", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1130239", }, { category: "external", summary: "1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "1154060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154060", }, { category: "external", summary: "1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "1161182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161182", }, { category: "external", summary: "1166264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1166264", }, { category: "external", summary: "1170339", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170339", }, { category: "external", summary: "1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "1218272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1218272", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2159.json", }, ], title: "Red Hat Security Advisory: curl security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T08:47:38+00:00", generator: { date: "2024-11-22T08:47:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:2159", initial_release_date: "2015-11-19T03:26:18+00:00", revision_history: [ { date: "2015-11-19T03:26:18+00:00", number: "1", summary: "Initial version", }, { date: "2015-11-19T03:26:18+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T08:47:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product: { name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product_id: "curl-debuginfo-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.x86_64", product: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64", product_id: "libcurl-devel-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.x86_64", product: { name: "curl-0:7.29.0-25.el7.x86_64", product_id: "curl-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.x86_64", product: { name: "libcurl-0:7.29.0-25.el7.x86_64", product_id: "libcurl-0:7.29.0-25.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.i686", product: { name: "libcurl-devel-0:7.29.0-25.el7.i686", product_id: "libcurl-devel-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.i686", product: { name: "curl-debuginfo-0:7.29.0-25.el7.i686", product_id: "curl-debuginfo-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.i686", product: { name: "libcurl-0:7.29.0-25.el7.i686", product_id: "libcurl-0:7.29.0-25.el7.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "curl-0:7.29.0-25.el7.src", product: { name: "curl-0:7.29.0-25.el7.src", product_id: "curl-0:7.29.0-25.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc64", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.ppc64", product: { name: "curl-0:7.29.0-25.el7.ppc64", product_id: "curl-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc64", product: { name: "libcurl-0:7.29.0-25.el7.ppc64", product_id: "libcurl-0:7.29.0-25.el7.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc", product: { name: "libcurl-0:7.29.0-25.el7.ppc", product_id: "libcurl-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.s390x", product: { name: "libcurl-devel-0:7.29.0-25.el7.s390x", product_id: "libcurl-devel-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.s390x", product: { name: "libcurl-0:7.29.0-25.el7.s390x", product_id: "libcurl-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.s390x", product: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x", product_id: "curl-debuginfo-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.s390x", product: { name: "curl-0:7.29.0-25.el7.s390x", product_id: "curl-0:7.29.0-25.el7.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.s390", product: { name: "libcurl-devel-0:7.29.0-25.el7.s390", product_id: "libcurl-devel-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=s390", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.s390", product: { name: "curl-debuginfo-0:7.29.0-25.el7.s390", product_id: "curl-debuginfo-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=s390", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.s390", product: { name: "libcurl-0:7.29.0-25.el7.s390", product_id: "libcurl-0:7.29.0-25.el7.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product_id: "libcurl-devel-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.ppc64le", product: { name: "libcurl-0:7.29.0-25.el7.ppc64le", product_id: "libcurl-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.ppc64le", product: { name: "curl-0:7.29.0-25.el7.ppc64le", product_id: "curl-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product_id: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.29.0-25.el7.aarch64", product: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64", product_id: "libcurl-devel-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "curl-0:7.29.0-25.el7.aarch64", product: { name: "curl-0:7.29.0-25.el7.aarch64", product_id: "curl-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-0:7.29.0-25.el7.aarch64", product: { name: "libcurl-0:7.29.0-25.el7.aarch64", product_id: "libcurl-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.29.0-25.el7?arch=aarch64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product_id: "curl-debuginfo-0:7.29.0-25.el7.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.29.0-25.el7?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", product_id: "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", product_id: "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", product_id: "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.s390x", }, product_reference: "curl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.src", }, product_reference: "curl-0:7.29.0-25.el7.src", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", }, product_reference: "curl-debuginfo-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.aarch64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.i686", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.ppc64le", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.s390x", relates_to_product_reference: "7Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.29.0-25.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", }, product_reference: "libcurl-devel-0:7.29.0-25.el7.x86_64", relates_to_product_reference: "7Workstation", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Tim Ruehsen", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3613", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2014-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1136154", }, ], notes: [ { category: "description", text: "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handling of IP addresses in cookie domain", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\n\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "RHBZ#1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3613", url: "https://www.cve.org/CVERecord?id=CVE-2014-3613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20140910A.html", url: "http://curl.haxx.se/docs/adv_20140910A.html", }, ], release_date: "2014-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handling of IP addresses in cookie domain", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Symeon Paraschoudis", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3707", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2014-10-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1154941", }, ], notes: [ { category: "description", text: "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handle duplication after COPYPOSTFIELDS", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\n\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3707", }, { category: "external", summary: "RHBZ#1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3707", url: "https://www.cve.org/CVERecord?id=CVE-2014-3707", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20141105.html", url: "http://curl.haxx.se/docs/adv_20141105.html", }, ], release_date: "2014-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handle duplication after COPYPOSTFIELDS", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Andrey Labunets", ], organization: "Facebook", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-8150", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2015-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1178692", }, ], notes: [ { category: "description", text: "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL request injection vulnerability in parseurlandfillconn()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "RHBZ#1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-8150", url: "https://www.cve.org/CVERecord?id=CVE-2014-8150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150108B.html", url: "http://curl.haxx.se/docs/adv_20150108B.html", }, ], release_date: "2015-01-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: URL request injection vulnerability in parseurlandfillconn()", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Paras Sethia", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3143", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213306", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "curl: re-using authenticated connection when unauthenticated", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "RHBZ#1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3143", url: "https://www.cve.org/CVERecord?id=CVE-2015-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422A.html", url: "http://curl.haxx.se/docs/adv_20150422A.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: re-using authenticated connection when unauthenticated", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Isaac Boukris", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3148", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213351", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.", title: "Vulnerability description", }, { category: "summary", text: "curl: Negotiate not treated as connection-oriented", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "RHBZ#1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3148", url: "https://www.cve.org/CVERecord?id=CVE-2015-3148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422B.html", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-11-19T03:26:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:2159", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "7Client-optional:curl-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-0:7.29.0-25.el7.s390x", "7Client-optional:curl-0:7.29.0-25.el7.src", "7Client-optional:curl-0:7.29.0-25.el7.x86_64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-0:7.29.0-25.el7.x86_64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Client:curl-0:7.29.0-25.el7.aarch64", "7Client:curl-0:7.29.0-25.el7.ppc64", "7Client:curl-0:7.29.0-25.el7.ppc64le", "7Client:curl-0:7.29.0-25.el7.s390x", "7Client:curl-0:7.29.0-25.el7.src", "7Client:curl-0:7.29.0-25.el7.x86_64", "7Client:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Client:curl-debuginfo-0:7.29.0-25.el7.i686", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Client:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390", "7Client:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Client:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Client:libcurl-0:7.29.0-25.el7.aarch64", "7Client:libcurl-0:7.29.0-25.el7.i686", "7Client:libcurl-0:7.29.0-25.el7.ppc", "7Client:libcurl-0:7.29.0-25.el7.ppc64", "7Client:libcurl-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-0:7.29.0-25.el7.s390", "7Client:libcurl-0:7.29.0-25.el7.s390x", "7Client:libcurl-0:7.29.0-25.el7.x86_64", "7Client:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Client:libcurl-devel-0:7.29.0-25.el7.i686", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Client:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Client:libcurl-devel-0:7.29.0-25.el7.s390", "7Client:libcurl-devel-0:7.29.0-25.el7.s390x", "7Client:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-0:7.29.0-25.el7.src", "7ComputeNode-optional:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode-optional:libcurl-devel-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-0:7.29.0-25.el7.src", "7ComputeNode:curl-0:7.29.0-25.el7.x86_64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.i686", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.s390x", "7ComputeNode:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-0:7.29.0-25.el7.x86_64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.aarch64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.i686", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.s390x", "7ComputeNode:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Server:curl-0:7.29.0-25.el7.aarch64", "7Server:curl-0:7.29.0-25.el7.ppc64", "7Server:curl-0:7.29.0-25.el7.ppc64le", "7Server:curl-0:7.29.0-25.el7.s390x", "7Server:curl-0:7.29.0-25.el7.src", "7Server:curl-0:7.29.0-25.el7.x86_64", "7Server:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Server:curl-debuginfo-0:7.29.0-25.el7.i686", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Server:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390", "7Server:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Server:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Server:libcurl-0:7.29.0-25.el7.aarch64", "7Server:libcurl-0:7.29.0-25.el7.i686", "7Server:libcurl-0:7.29.0-25.el7.ppc", "7Server:libcurl-0:7.29.0-25.el7.ppc64", "7Server:libcurl-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-0:7.29.0-25.el7.s390", "7Server:libcurl-0:7.29.0-25.el7.s390x", "7Server:libcurl-0:7.29.0-25.el7.x86_64", "7Server:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Server:libcurl-devel-0:7.29.0-25.el7.i686", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Server:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Server:libcurl-devel-0:7.29.0-25.el7.s390", "7Server:libcurl-devel-0:7.29.0-25.el7.s390x", "7Server:libcurl-devel-0:7.29.0-25.el7.x86_64", "7Workstation:curl-0:7.29.0-25.el7.aarch64", "7Workstation:curl-0:7.29.0-25.el7.ppc64", "7Workstation:curl-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-0:7.29.0-25.el7.s390x", "7Workstation:curl-0:7.29.0-25.el7.src", "7Workstation:curl-0:7.29.0-25.el7.x86_64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.aarch64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.i686", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.ppc64le", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.s390x", "7Workstation:curl-debuginfo-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-0:7.29.0-25.el7.i686", "7Workstation:libcurl-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-0:7.29.0-25.el7.s390", "7Workstation:libcurl-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-0:7.29.0-25.el7.x86_64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.aarch64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.i686", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64", "7Workstation:libcurl-devel-0:7.29.0-25.el7.ppc64le", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390", "7Workstation:libcurl-devel-0:7.29.0-25.el7.s390x", "7Workstation:libcurl-devel-0:7.29.0-25.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Negotiate not treated as connection-oriented", }, ], }
rhsa-2015:1254
Vulnerability from csaf_redhat
Published
2015-07-20 13:50
Modified
2024-11-22 08:47
Summary
Red Hat Security Advisory: curl security, bug fix, and enhancement update
Notes
Topic
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl to access a specially crafted URL via an HTTP
proxy could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available
with libcurl. Attackers could abuse the fallback to force downgrade of the
SSL version. The fallback has been removed from libcurl. Users requiring
this functionality can explicitly enable SSLv3.0 through the libcurl API.
(BZ#1154059)
* A single upload transfer through the FILE protocol opened the destination
file twice. If the inotify kernel subsystem monitored the file, two events
were produced unnecessarily. The file is now opened only once per upload.
(BZ#883002)
* Utilities using libcurl for SCP/SFTP transfers could terminate
unexpectedly when the system was running in FIPS mode. (BZ#1008178)
* Using the "--retry" option with the curl utility could cause curl to
terminate unexpectedly with a segmentation fault. Now, adding "--retry" no
longer causes curl to crash. (BZ#1009455)
* The "curl --trace-time" command did not use the correct local time when
printing timestamps. Now, "curl --trace-time" works as expected.
(BZ#1120196)
* The valgrind utility could report dynamically allocated memory leaks on
curl exit. Now, curl performs a global shutdown of the NetScape Portable
Runtime (NSPR) library on exit, and valgrind no longer reports the memory
leaks. (BZ#1146528)
* Previously, libcurl returned an incorrect value of the
CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to
the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for
specifying the minor version of the TLS protocol to be negotiated by NSS.
The "--tlsv1" option now negotiates the highest version of the TLS protocol
supported by both the client and the server. (BZ#1012136)
* It is now possible to explicitly enable or disable the ECC and the new
AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user's cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle's duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues.\n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API.\n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. The file is now opened only once per upload.\n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected.\n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS.\nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2015:1254", url: "https://access.redhat.com/errata/RHSA-2015:1254", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "835898", url: "https://bugzilla.redhat.com/show_bug.cgi?id=835898", }, { category: "external", summary: "883002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883002", }, { category: "external", summary: "997185", url: "https://bugzilla.redhat.com/show_bug.cgi?id=997185", }, { category: "external", summary: "1008178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1008178", }, { category: "external", summary: "1011083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1011083", }, { category: "external", summary: "1011101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1011101", }, { category: "external", summary: "1058767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1058767", }, { category: "external", summary: "1104160", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1104160", }, { category: "external", summary: "1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "1154059", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154059", }, { category: "external", summary: "1154747", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154747", }, { category: "external", summary: "1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "1156422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1156422", }, { category: "external", summary: "1161163", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161163", }, { category: "external", summary: "1168137", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168137", }, { category: "external", summary: "1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1254.json", }, ], title: "Red Hat Security Advisory: curl security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T08:47:34+00:00", generator: { date: "2024-11-22T08:47:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2015:1254", initial_release_date: "2015-07-20T13:50:03+00:00", revision_history: [ { date: "2015-07-20T13:50:03+00:00", number: "1", summary: "Initial version", }, { date: "2015-07-20T13:50:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T08:47:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.i686", product: { name: "libcurl-devel-0:7.19.7-46.el6.i686", product_id: "libcurl-devel-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.i686", product: { name: "libcurl-0:7.19.7-46.el6.i686", product_id: "libcurl-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.i686", product: { name: "curl-debuginfo-0:7.19.7-46.el6.i686", product_id: "curl-debuginfo-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=i686", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.i686", product: { name: "curl-0:7.19.7-46.el6.i686", product_id: "curl-0:7.19.7-46.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product_id: "curl-debuginfo-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.x86_64", product: { name: "curl-0:7.19.7-46.el6.x86_64", product_id: "curl-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.x86_64", product: { name: "libcurl-0:7.19.7-46.el6.x86_64", product_id: "libcurl-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.x86_64", product: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64", product_id: "libcurl-devel-0:7.19.7-46.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "curl-0:7.19.7-46.el6.src", product: { name: "curl-0:7.19.7-46.el6.src", product_id: "curl-0:7.19.7-46.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.s390", product: { name: "curl-debuginfo-0:7.19.7-46.el6.s390", product_id: "curl-debuginfo-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=s390", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.s390", product: { name: "libcurl-0:7.19.7-46.el6.s390", product_id: "libcurl-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=s390", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.s390", product: { name: "libcurl-devel-0:7.19.7-46.el6.s390", product_id: "libcurl-devel-0:7.19.7-46.el6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.s390x", product: { name: "libcurl-devel-0:7.19.7-46.el6.s390x", product_id: "libcurl-devel-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.s390x", product: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x", product_id: "curl-debuginfo-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.s390x", product: { name: "curl-0:7.19.7-46.el6.s390x", product_id: "curl-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.s390x", product: { name: "libcurl-0:7.19.7-46.el6.s390x", product_id: "libcurl-0:7.19.7-46.el6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.ppc", product: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc", product_id: "curl-debuginfo-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.ppc", product: { name: "libcurl-devel-0:7.19.7-46.el6.ppc", product_id: "libcurl-devel-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=ppc", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.ppc", product: { name: "libcurl-0:7.19.7-46.el6.ppc", product_id: "libcurl-0:7.19.7-46.el6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product_id: "curl-debuginfo-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "curl-0:7.19.7-46.el6.ppc64", product: { name: "curl-0:7.19.7-46.el6.ppc64", product_id: "curl-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-devel-0:7.19.7-46.el6.ppc64", product: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64", product_id: "libcurl-devel-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.19.7-46.el6?arch=ppc64", }, }, }, { category: "product_version", name: "libcurl-0:7.19.7-46.el6.ppc64", product: { name: "libcurl-0:7.19.7-46.el6.ppc64", product_id: "libcurl-0:7.19.7-46.el6.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.19.7-46.el6?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Client", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode-optional", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6ComputeNode", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Server", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.i686", }, product_reference: "curl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.s390x", }, product_reference: "curl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.src", }, product_reference: "curl-0:7.19.7-46.el6.src", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", }, product_reference: "curl-debuginfo-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.i686", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.ppc64", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.s390x", relates_to_product_reference: "6Workstation", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.19.7-46.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", }, product_reference: "libcurl-devel-0:7.19.7-46.el6.x86_64", relates_to_product_reference: "6Workstation", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Tim Ruehsen", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3613", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2014-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1136154", }, ], notes: [ { category: "description", text: "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handling of IP addresses in cookie domain", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\n\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "RHBZ#1136154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1136154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3613", url: "https://www.cve.org/CVERecord?id=CVE-2014-3613", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3613", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20140910A.html", url: "http://curl.haxx.se/docs/adv_20140910A.html", }, ], release_date: "2014-09-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handling of IP addresses in cookie domain", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Symeon Paraschoudis", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-3707", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2014-10-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1154941", }, ], notes: [ { category: "description", text: "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.", title: "Vulnerability description", }, { category: "summary", text: "curl: incorrect handle duplication after COPYPOSTFIELDS", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\n\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-3707", }, { category: "external", summary: "RHBZ#1154941", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1154941", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-3707", url: "https://www.cve.org/CVERecord?id=CVE-2014-3707", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-3707", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20141105.html", url: "http://curl.haxx.se/docs/adv_20141105.html", }, ], release_date: "2014-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: incorrect handle duplication after COPYPOSTFIELDS", }, { acknowledgments: [ { names: [ "cURL project", ], }, { names: [ "Andrey Labunets", ], organization: "Facebook", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2014-8150", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2015-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1178692", }, ], notes: [ { category: "description", text: "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.", title: "Vulnerability description", }, { category: "summary", text: "curl: URL request injection vulnerability in parseurlandfillconn()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "RHBZ#1178692", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178692", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-8150", url: "https://www.cve.org/CVERecord?id=CVE-2014-8150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-8150", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150108B.html", url: "http://curl.haxx.se/docs/adv_20150108B.html", }, ], release_date: "2015-01-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: URL request injection vulnerability in parseurlandfillconn()", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Paras Sethia", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3143", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213306", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.", title: "Vulnerability description", }, { category: "summary", text: "curl: re-using authenticated connection when unauthenticated", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "RHBZ#1213306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213306", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3143", url: "https://www.cve.org/CVERecord?id=CVE-2015-3143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3143", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422A.html", url: "http://curl.haxx.se/docs/adv_20150422A.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: re-using authenticated connection when unauthenticated", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "curl upstream", }, { names: [ "Isaac Boukris", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2015-3148", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2015-04-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1213351", }, ], notes: [ { category: "description", text: "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.", title: "Vulnerability description", }, { category: "summary", text: "curl: Negotiate not treated as connection-oriented", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "RHBZ#1213351", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1213351", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3148", url: "https://www.cve.org/CVERecord?id=CVE-2015-3148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { category: "external", summary: "http://curl.haxx.se/docs/adv_20150422B.html", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, ], release_date: "2015-04-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2015-07-20T13:50:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2015:1254", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "6Client-optional:curl-0:7.19.7-46.el6.i686", "6Client-optional:curl-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-0:7.19.7-46.el6.s390x", "6Client-optional:curl-0:7.19.7-46.el6.src", "6Client-optional:curl-0:7.19.7-46.el6.x86_64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-0:7.19.7-46.el6.x86_64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Client:curl-0:7.19.7-46.el6.i686", "6Client:curl-0:7.19.7-46.el6.ppc64", "6Client:curl-0:7.19.7-46.el6.s390x", "6Client:curl-0:7.19.7-46.el6.src", "6Client:curl-0:7.19.7-46.el6.x86_64", "6Client:curl-debuginfo-0:7.19.7-46.el6.i686", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Client:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390", "6Client:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Client:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Client:libcurl-0:7.19.7-46.el6.i686", "6Client:libcurl-0:7.19.7-46.el6.ppc", "6Client:libcurl-0:7.19.7-46.el6.ppc64", "6Client:libcurl-0:7.19.7-46.el6.s390", "6Client:libcurl-0:7.19.7-46.el6.s390x", "6Client:libcurl-0:7.19.7-46.el6.x86_64", "6Client:libcurl-devel-0:7.19.7-46.el6.i686", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc", "6Client:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Client:libcurl-devel-0:7.19.7-46.el6.s390", "6Client:libcurl-devel-0:7.19.7-46.el6.s390x", "6Client:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-0:7.19.7-46.el6.src", "6ComputeNode-optional:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode-optional:libcurl-devel-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-0:7.19.7-46.el6.i686", "6ComputeNode:curl-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-0:7.19.7-46.el6.src", "6ComputeNode:curl-0:7.19.7-46.el6.x86_64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.i686", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.s390x", "6ComputeNode:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-0:7.19.7-46.el6.x86_64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.i686", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.ppc64", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.s390x", "6ComputeNode:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Server:curl-0:7.19.7-46.el6.i686", "6Server:curl-0:7.19.7-46.el6.ppc64", "6Server:curl-0:7.19.7-46.el6.s390x", "6Server:curl-0:7.19.7-46.el6.src", "6Server:curl-0:7.19.7-46.el6.x86_64", "6Server:curl-debuginfo-0:7.19.7-46.el6.i686", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Server:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390", "6Server:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Server:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Server:libcurl-0:7.19.7-46.el6.i686", "6Server:libcurl-0:7.19.7-46.el6.ppc", "6Server:libcurl-0:7.19.7-46.el6.ppc64", "6Server:libcurl-0:7.19.7-46.el6.s390", "6Server:libcurl-0:7.19.7-46.el6.s390x", "6Server:libcurl-0:7.19.7-46.el6.x86_64", "6Server:libcurl-devel-0:7.19.7-46.el6.i686", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc", "6Server:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Server:libcurl-devel-0:7.19.7-46.el6.s390", "6Server:libcurl-devel-0:7.19.7-46.el6.s390x", "6Server:libcurl-devel-0:7.19.7-46.el6.x86_64", "6Workstation:curl-0:7.19.7-46.el6.i686", "6Workstation:curl-0:7.19.7-46.el6.ppc64", "6Workstation:curl-0:7.19.7-46.el6.s390x", "6Workstation:curl-0:7.19.7-46.el6.src", "6Workstation:curl-0:7.19.7-46.el6.x86_64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.i686", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.ppc64", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.s390x", "6Workstation:curl-debuginfo-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-0:7.19.7-46.el6.i686", "6Workstation:libcurl-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-0:7.19.7-46.el6.s390", "6Workstation:libcurl-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-0:7.19.7-46.el6.x86_64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.i686", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc", "6Workstation:libcurl-devel-0:7.19.7-46.el6.ppc64", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390", "6Workstation:libcurl-devel-0:7.19.7-46.el6.s390x", "6Workstation:libcurl-devel-0:7.19.7-46.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: Negotiate not treated as connection-oriented", }, ], }
ghsa-28hh-42pj-vp7w
Vulnerability from github
Published
2022-05-14 02:07
Modified
2022-05-14 02:07
Details
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
{ affected: [], aliases: [ "CVE-2015-3148", ], database_specific: { cwe_ids: [ "CWE-284", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2015-04-24T14:59:00Z", severity: "MODERATE", }, details: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", id: "GHSA-28hh-42pj-vp7w", modified: "2022-05-14T02:07:14Z", published: "2022-05-14T02:07:14Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3148", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201509-02", }, { type: "WEB", url: "https://support.apple.com/kb/HT205031", }, { type: "WEB", url: "http://advisories.mageia.org/MGASA-2015-0179.html", }, { type: "WEB", url: "http://curl.haxx.se/docs/adv_20150422B.html", }, { type: "WEB", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=145612005512270&w=2", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2015-1254.html", }, { type: "WEB", url: "http://www.debian.org/security/2015/dsa-3232", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:220", }, { type: "WEB", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { type: "WEB", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/74301", }, { type: "WEB", url: "http://www.securitytracker.com/id/1032232", }, { type: "WEB", url: "http://www.ubuntu.com/usn/USN-2591-1", }, ], schema_version: "1.4.0", severity: [], }
suse-su-2015:0990-1
Vulnerability from csaf_suse
Published
2015-04-29 18:22
Modified
2015-04-29 18:22
Summary
Security update for curl
Notes
Title of the patch
Security update for curl
Description of the patch
curl was updated to fix five security issues.
The following vulnerabilities were fixed:
* CVE-2015-3143: curl could re-use NTML authenticateds connections
* CVE-2015-3144: curl could access memory out of bounds with zero length host names
* CVE-2015-3145: curl cookie parser could access memory out of boundary
* CVE-2015-3148: curl could treat Negotiate as not connection-oriented
* CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies
Patchnames
SUSE-SLE-DESKTOP-12-2015-235,SUSE-SLE-SDK-12-2015-235,SUSE-SLE-SERVER-12-2015-235
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for curl", title: "Title of the patch", }, { category: "description", text: "curl was updated to fix five security issues.\n\nThe following vulnerabilities were fixed:\n\n* CVE-2015-3143: curl could re-use NTML authenticateds connections\n* CVE-2015-3144: curl could access memory out of bounds with zero length host names\n* CVE-2015-3145: curl cookie parser could access memory out of boundary\n* CVE-2015-3148: curl could treat Negotiate as not connection-oriented\n* CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-2015-235,SUSE-SLE-SDK-12-2015-235,SUSE-SLE-SERVER-12-2015-235", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0990-1.json", }, { category: "self", summary: "URL for SUSE-SU-2015:0990-1", url: "https://www.suse.com/support/update/announcement/2015/suse-su-20150990-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2015:0990-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2015-June/001421.html", }, { category: "self", summary: "SUSE Bug 927556", url: "https://bugzilla.suse.com/927556", }, { category: "self", summary: "SUSE Bug 927607", url: "https://bugzilla.suse.com/927607", }, { category: "self", summary: "SUSE Bug 927608", url: "https://bugzilla.suse.com/927608", }, { category: "self", summary: "SUSE Bug 927746", url: "https://bugzilla.suse.com/927746", }, { category: "self", summary: "SUSE Bug 928533", url: "https://bugzilla.suse.com/928533", }, { category: "self", summary: "SUSE CVE CVE-2015-3143 page", url: "https://www.suse.com/security/cve/CVE-2015-3143/", }, { category: "self", summary: "SUSE CVE CVE-2015-3144 page", url: "https://www.suse.com/security/cve/CVE-2015-3144/", }, { category: "self", summary: "SUSE CVE CVE-2015-3145 page", url: "https://www.suse.com/security/cve/CVE-2015-3145/", }, { category: "self", summary: "SUSE CVE CVE-2015-3148 page", url: "https://www.suse.com/security/cve/CVE-2015-3148/", }, { category: "self", summary: "SUSE CVE CVE-2015-3153 page", url: "https://www.suse.com/security/cve/CVE-2015-3153/", }, ], title: "Security update for curl", tracking: { current_release_date: "2015-04-29T18:22:39Z", generator: { date: "2015-04-29T18:22:39Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2015:0990-1", initial_release_date: "2015-04-29T18:22:39Z", revision_history: [ { date: "2015-04-29T18:22:39Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libcurl-devel-7.37.0-15.1.ppc64le", product: { name: "libcurl-devel-7.37.0-15.1.ppc64le", product_id: "libcurl-devel-7.37.0-15.1.ppc64le", }, }, { category: "product_version", name: "curl-7.37.0-15.1.ppc64le", product: { name: "curl-7.37.0-15.1.ppc64le", product_id: "curl-7.37.0-15.1.ppc64le", }, }, { category: "product_version", name: "libcurl4-7.37.0-15.1.ppc64le", product: { name: "libcurl4-7.37.0-15.1.ppc64le", product_id: "libcurl4-7.37.0-15.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libcurl-devel-7.37.0-15.1.s390x", product: { name: "libcurl-devel-7.37.0-15.1.s390x", product_id: "libcurl-devel-7.37.0-15.1.s390x", }, }, { category: "product_version", name: "curl-7.37.0-15.1.s390x", product: { name: "curl-7.37.0-15.1.s390x", product_id: "curl-7.37.0-15.1.s390x", }, }, { category: "product_version", name: "libcurl4-7.37.0-15.1.s390x", product: { name: "libcurl4-7.37.0-15.1.s390x", product_id: "libcurl4-7.37.0-15.1.s390x", }, }, { category: "product_version", name: "libcurl4-32bit-7.37.0-15.1.s390x", product: { name: "libcurl4-32bit-7.37.0-15.1.s390x", product_id: "libcurl4-32bit-7.37.0-15.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "curl-7.37.0-15.1.x86_64", product: { name: "curl-7.37.0-15.1.x86_64", product_id: "curl-7.37.0-15.1.x86_64", }, }, { category: "product_version", name: "libcurl4-7.37.0-15.1.x86_64", product: { name: "libcurl4-7.37.0-15.1.x86_64", product_id: "libcurl4-7.37.0-15.1.x86_64", }, }, { category: "product_version", name: "libcurl4-32bit-7.37.0-15.1.x86_64", product: { name: "libcurl4-32bit-7.37.0-15.1.x86_64", product_id: "libcurl4-32bit-7.37.0-15.1.x86_64", }, }, { category: "product_version", name: "libcurl-devel-7.37.0-15.1.x86_64", product: { name: "libcurl-devel-7.37.0-15.1.x86_64", product_id: "libcurl-devel-7.37.0-15.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12", product: { name: "SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12", product_identification_helper: { cpe: "cpe:/o:suse:sled:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12", product: { name: "SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12", product: { name: "SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12", product_identification_helper: { cpe: "cpe:/o:suse:sles:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", }, product_reference: "curl-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", }, product_reference: "libcurl4-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", }, product_reference: "libcurl4-32bit-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", }, product_reference: "libcurl-devel-7.37.0-15.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", }, product_reference: "libcurl-devel-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", }, product_reference: "libcurl-devel-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", }, product_reference: "curl-7.37.0-15.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", }, product_reference: "curl-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", }, product_reference: "curl-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", }, product_reference: "libcurl4-7.37.0-15.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", }, product_reference: "libcurl4-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", }, product_reference: "libcurl4-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", }, product_reference: "libcurl4-32bit-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", }, product_reference: "libcurl4-32bit-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", }, product_reference: "curl-7.37.0-15.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", }, product_reference: "curl-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "curl-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", }, product_reference: "curl-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", }, product_reference: "libcurl4-7.37.0-15.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", }, product_reference: "libcurl4-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", }, product_reference: "libcurl4-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", }, product_reference: "libcurl4-32bit-7.37.0-15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", }, product_reference: "libcurl4-32bit-7.37.0-15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3143", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3143", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3143", url: "https://www.suse.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "SUSE Bug 927556 for CVE-2015-3143", url: "https://bugzilla.suse.com/927556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-04-29T18:22:39Z", details: "moderate", }, ], title: "CVE-2015-3143", }, { cve: "CVE-2015-3144", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3144", }, ], notes: [ { category: "general", text: "The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3144", url: "https://www.suse.com/security/cve/CVE-2015-3144", }, { category: "external", summary: "SUSE Bug 927608 for CVE-2015-3144", url: "https://bugzilla.suse.com/927608", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2015-3144", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-04-29T18:22:39Z", details: "important", }, ], title: "CVE-2015-3144", }, { cve: "CVE-2015-3145", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3145", }, ], notes: [ { category: "general", text: "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3145", url: "https://www.suse.com/security/cve/CVE-2015-3145", }, { category: "external", summary: "SUSE Bug 927607 for CVE-2015-3145", url: "https://bugzilla.suse.com/927607", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-04-29T18:22:39Z", details: "important", }, ], title: "CVE-2015-3145", }, { cve: "CVE-2015-3148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3148", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3148", url: "https://www.suse.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "SUSE Bug 1092962 for CVE-2015-3148", url: "https://bugzilla.suse.com/1092962", }, { category: "external", summary: "SUSE Bug 927746 for CVE-2015-3148", url: "https://bugzilla.suse.com/927746", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-04-29T18:22:39Z", details: "moderate", }, ], title: "CVE-2015-3148", }, { cve: "CVE-2015-3153", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3153", }, ], notes: [ { category: "general", text: "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3153", url: "https://www.suse.com/security/cve/CVE-2015-3153", }, { category: "external", summary: "SUSE Bug 928533 for CVE-2015-3153", url: "https://bugzilla.suse.com/928533", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2015-3153", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-04-29T18:22:39Z", details: "moderate", }, ], title: "CVE-2015-3153", }, ], }
suse-su-2015:0962-1
Vulnerability from csaf_suse
Published
2014-04-15 15:50
Modified
2014-04-15 15:50
Summary
Security update for curl
Notes
Title of the patch
Security update for curl
Description of the patch
This curl update fixes the following security issues:
* bnc#868627: wrong re-use of connections (CVE-2014-0138).
* bnc#868629: IP address wildcard certificate validation
(CVE-2014-0139).
* bnc#870444: --insecure option inappropriately enforcing security
safeguard.
Security Issue references:
* CVE-2014-0138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138>
* CVE-2014-0139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139>
Patchnames
sdksp3-curl,sledsp3-curl,slessp3-curl
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for curl", title: "Title of the patch", }, { category: "description", text: "\nThis curl update fixes the following security issues:\n\n * bnc#868627: wrong re-use of connections (CVE-2014-0138).\n * bnc#868629: IP address wildcard certificate validation\n (CVE-2014-0139).\n * bnc#870444: --insecure option inappropriately enforcing security\n safeguard.\n\nSecurity Issue references:\n\n * CVE-2014-0138\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138>\n * CVE-2014-0139\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139>\n\n", title: "Description of the patch", }, { category: "details", text: "sdksp3-curl,sledsp3-curl,slessp3-curl", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0962-1.json", }, { category: "self", summary: "URL for SUSE-SU-2015:0962-1", url: "https://www.suse.com/support/update/announcement/2015/suse-su-20150962-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2015:0962-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2015-May/001414.html", }, { category: "self", summary: "SUSE Bug 824517", url: "https://bugzilla.suse.com/824517", }, { category: "self", summary: "SUSE Bug 849596", url: "https://bugzilla.suse.com/849596", }, { category: "self", summary: "SUSE Bug 858673", url: "https://bugzilla.suse.com/858673", }, { category: "self", summary: "SUSE Bug 868627", url: "https://bugzilla.suse.com/868627", }, { category: "self", summary: "SUSE Bug 868629", url: "https://bugzilla.suse.com/868629", }, { category: "self", summary: "SUSE Bug 870444", url: "https://bugzilla.suse.com/870444", }, { category: "self", summary: "SUSE Bug 927174", url: "https://bugzilla.suse.com/927174", }, { category: "self", summary: "SUSE Bug 927556", url: "https://bugzilla.suse.com/927556", }, { category: "self", summary: "SUSE Bug 927746", url: "https://bugzilla.suse.com/927746", }, { category: "self", summary: "SUSE Bug 928533", url: "https://bugzilla.suse.com/928533", }, { category: "self", summary: "SUSE CVE CVE-2013-2174 page", url: "https://www.suse.com/security/cve/CVE-2013-2174/", }, { category: "self", summary: "SUSE CVE CVE-2013-4545 page", url: "https://www.suse.com/security/cve/CVE-2013-4545/", }, { category: "self", summary: "SUSE CVE CVE-2014-0015 page", url: "https://www.suse.com/security/cve/CVE-2014-0015/", }, { category: "self", summary: "SUSE CVE CVE-2014-0138 page", url: "https://www.suse.com/security/cve/CVE-2014-0138/", }, { category: "self", summary: "SUSE CVE CVE-2014-0139 page", url: "https://www.suse.com/security/cve/CVE-2014-0139/", }, { category: "self", summary: "SUSE CVE CVE-2015-3143 page", url: "https://www.suse.com/security/cve/CVE-2015-3143/", }, { category: "self", summary: "SUSE CVE CVE-2015-3148 page", url: "https://www.suse.com/security/cve/CVE-2015-3148/", }, { category: "self", summary: "SUSE CVE CVE-2015-3153 page", url: "https://www.suse.com/security/cve/CVE-2015-3153/", }, ], title: "Security update for curl", tracking: { current_release_date: "2014-04-15T15:50:15Z", generator: { date: "2014-04-15T15:50:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2015:0962-1", initial_release_date: "2014-04-15T15:50:15Z", revision_history: [ { date: "2014-04-15T15:50:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libcurl-devel-7.19.7-1.38.1.i586", product: { name: "libcurl-devel-7.19.7-1.38.1.i586", product_id: "libcurl-devel-7.19.7-1.38.1.i586", }, }, { category: "product_version", name: "curl-7.19.7-1.38.1.i586", product: { name: "curl-7.19.7-1.38.1.i586", product_id: "curl-7.19.7-1.38.1.i586", }, }, { category: "product_version", name: "libcurl4-7.19.7-1.38.1.i586", product: { name: "libcurl4-7.19.7-1.38.1.i586", product_id: "libcurl4-7.19.7-1.38.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libcurl-devel-7.19.7-1.38.1.ia64", product: { name: "libcurl-devel-7.19.7-1.38.1.ia64", product_id: "libcurl-devel-7.19.7-1.38.1.ia64", }, }, { category: "product_version", name: "curl-7.19.7-1.38.1.ia64", product: { name: "curl-7.19.7-1.38.1.ia64", product_id: "curl-7.19.7-1.38.1.ia64", }, }, { category: "product_version", name: "libcurl4-7.19.7-1.38.1.ia64", product: { name: "libcurl4-7.19.7-1.38.1.ia64", product_id: "libcurl4-7.19.7-1.38.1.ia64", }, }, { category: "product_version", name: "libcurl4-x86-7.19.7-1.38.1.ia64", product: { name: "libcurl4-x86-7.19.7-1.38.1.ia64", product_id: "libcurl4-x86-7.19.7-1.38.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "libcurl-devel-7.19.7-1.38.1.ppc64", product: { name: "libcurl-devel-7.19.7-1.38.1.ppc64", product_id: "libcurl-devel-7.19.7-1.38.1.ppc64", }, }, { category: "product_version", name: "curl-7.19.7-1.38.1.ppc64", product: { name: "curl-7.19.7-1.38.1.ppc64", product_id: "curl-7.19.7-1.38.1.ppc64", }, }, { category: "product_version", name: "libcurl4-7.19.7-1.38.1.ppc64", product: { name: "libcurl4-7.19.7-1.38.1.ppc64", product_id: "libcurl4-7.19.7-1.38.1.ppc64", }, }, { category: "product_version", name: "libcurl4-32bit-7.19.7-1.38.1.ppc64", product: { name: "libcurl4-32bit-7.19.7-1.38.1.ppc64", product_id: "libcurl4-32bit-7.19.7-1.38.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libcurl-devel-7.19.7-1.38.1.s390x", product: { name: "libcurl-devel-7.19.7-1.38.1.s390x", product_id: "libcurl-devel-7.19.7-1.38.1.s390x", }, }, { category: "product_version", name: "curl-7.19.7-1.38.1.s390x", product: { name: "curl-7.19.7-1.38.1.s390x", product_id: "curl-7.19.7-1.38.1.s390x", }, }, { category: "product_version", name: "libcurl4-7.19.7-1.38.1.s390x", product: { name: "libcurl4-7.19.7-1.38.1.s390x", product_id: "libcurl4-7.19.7-1.38.1.s390x", }, }, { category: "product_version", name: "libcurl4-32bit-7.19.7-1.38.1.s390x", product: { name: "libcurl4-32bit-7.19.7-1.38.1.s390x", product_id: "libcurl4-32bit-7.19.7-1.38.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libcurl-devel-7.19.7-1.38.1.x86_64", product: { name: "libcurl-devel-7.19.7-1.38.1.x86_64", product_id: "libcurl-devel-7.19.7-1.38.1.x86_64", }, }, { category: "product_version", name: "curl-7.19.7-1.38.1.x86_64", product: { name: "curl-7.19.7-1.38.1.x86_64", product_id: "curl-7.19.7-1.38.1.x86_64", }, }, { category: "product_version", name: "libcurl4-7.19.7-1.38.1.x86_64", product: { name: "libcurl4-7.19.7-1.38.1.x86_64", product_id: "libcurl4-7.19.7-1.38.1.x86_64", }, }, { category: "product_version", name: "libcurl4-32bit-7.19.7-1.38.1.x86_64", product: { name: "libcurl4-32bit-7.19.7-1.38.1.x86_64", product_id: "libcurl4-32bit-7.19.7-1.38.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 11 SP3", product: { name: "SUSE Linux Enterprise Software Development Kit 11 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP3", product_identification_helper: { cpe: "cpe:/a:suse:sle-sdk:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 11 SP3", product: { name: "SUSE Linux Enterprise Desktop 11 SP3", product_id: "SUSE Linux Enterprise Desktop 11 SP3", product_identification_helper: { cpe: "cpe:/o:suse:suse_sled:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3", product: { name: "SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product: { name: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product_identification_helper: { cpe: "cpe:/o:suse:sles:11:sp3:teradata", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", }, product_reference: "libcurl-devel-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", }, product_reference: "libcurl-devel-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl-devel-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", }, product_reference: "libcurl-devel-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl-devel-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3", product_id: "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", }, product_reference: "curl-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3", product_id: "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", }, product_reference: "curl-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3", product_id: "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", }, product_reference: "libcurl4-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3", product_id: "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3", product_id: "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", }, product_reference: "curl-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", }, product_reference: "curl-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", }, product_reference: "curl-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", }, product_reference: "curl-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", }, product_reference: "curl-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", }, product_reference: "libcurl4-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", }, product_reference: "libcurl4-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl4-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", }, product_reference: "libcurl4-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-x86-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3", product_id: "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", }, product_reference: "libcurl4-x86-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", }, product_reference: "curl-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", }, product_reference: "curl-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", }, product_reference: "curl-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", }, product_reference: "curl-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", }, product_reference: "curl-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", }, product_reference: "libcurl4-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", }, product_reference: "libcurl4-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl4-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", }, product_reference: "libcurl4-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "libcurl4-x86-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", }, product_reference: "libcurl4-x86-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", }, product_reference: "curl-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", }, product_reference: "curl-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", }, product_reference: "curl-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", }, product_reference: "curl-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "curl-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", }, product_reference: "curl-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", }, product_reference: "libcurl4-7.19.7-1.38.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", }, product_reference: "libcurl4-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl4-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", }, product_reference: "libcurl4-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.19.7-1.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", }, product_reference: "libcurl4-32bit-7.19.7-1.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, { category: "default_component_of", full_product_name: { name: "libcurl4-x86-7.19.7-1.38.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", }, product_reference: "libcurl4-x86-7.19.7-1.38.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2174", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2174", url: "https://www.suse.com/security/cve/CVE-2013-2174", }, { category: "external", summary: "SUSE Bug 824517 for CVE-2013-2174", url: "https://bugzilla.suse.com/824517", }, { category: "external", summary: "SUSE Bug 917692 for CVE-2013-2174", url: "https://bugzilla.suse.com/917692", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2013-2174", }, { cve: "CVE-2013-4545", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-4545", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-4545", url: "https://www.suse.com/security/cve/CVE-2013-4545", }, { category: "external", summary: "SUSE Bug 849596 for CVE-2013-4545", url: "https://bugzilla.suse.com/849596", }, { category: "external", summary: "SUSE Bug 870444 for CVE-2013-4545", url: "https://bugzilla.suse.com/870444", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2013-4545", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2013-4545", url: "https://bugzilla.suse.com/882520", }, { category: "external", summary: "SUSE Bug 924250 for CVE-2013-4545", url: "https://bugzilla.suse.com/924250", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2013-4545", }, { cve: "CVE-2014-0015", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0015", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0015", url: "https://www.suse.com/security/cve/CVE-2014-0015", }, { category: "external", summary: "SUSE Bug 858673 for CVE-2014-0015", url: "https://bugzilla.suse.com/858673", }, { category: "external", summary: "SUSE Bug 868627 for CVE-2014-0015", url: "https://bugzilla.suse.com/868627", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2014-0015", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2014-0015", url: "https://bugzilla.suse.com/882520", }, { category: "external", summary: "SUSE Bug 927556 for CVE-2014-0015", url: "https://bugzilla.suse.com/927556", }, { category: "external", summary: "SUSE Bug 962983 for CVE-2014-0015", url: "https://bugzilla.suse.com/962983", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "low", }, ], title: "CVE-2014-0015", }, { cve: "CVE-2014-0138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0138", }, ], notes: [ { category: "general", text: "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0138", url: "https://www.suse.com/security/cve/CVE-2014-0138", }, { category: "external", summary: "SUSE Bug 868627 for CVE-2014-0138", url: "https://bugzilla.suse.com/868627", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2014-0138", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2014-0138", url: "https://bugzilla.suse.com/882520", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2014-0138", }, { cve: "CVE-2014-0139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0139", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0139", url: "https://www.suse.com/security/cve/CVE-2014-0139", }, { category: "external", summary: "SUSE Bug 868629 for CVE-2014-0139", url: "https://bugzilla.suse.com/868629", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2014-0139", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2014-0139", url: "https://bugzilla.suse.com/882520", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2014-0139", }, { cve: "CVE-2015-3143", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3143", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3143", url: "https://www.suse.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "SUSE Bug 927556 for CVE-2015-3143", url: "https://bugzilla.suse.com/927556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2015-3143", }, { cve: "CVE-2015-3148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3148", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3148", url: "https://www.suse.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "SUSE Bug 1092962 for CVE-2015-3148", url: "https://bugzilla.suse.com/1092962", }, { category: "external", summary: "SUSE Bug 927746 for CVE-2015-3148", url: "https://bugzilla.suse.com/927746", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2015-3148", }, { cve: "CVE-2015-3153", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3153", }, ], notes: [ { category: "general", text: "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3153", url: "https://www.suse.com/security/cve/CVE-2015-3153", }, { category: "external", summary: "SUSE Bug 928533 for CVE-2015-3153", url: "https://bugzilla.suse.com/928533", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2015-3153", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2014-04-15T15:50:15Z", details: "moderate", }, ], title: "CVE-2015-3153", }, ], }
opensuse-su-2024:10303-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
curl-7.51.0-1.1 on GA media
Notes
Title of the patch
curl-7.51.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the curl-7.51.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10303
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "curl-7.51.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the curl-7.51.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10303", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10303-1.json", }, { category: "self", summary: "SUSE CVE CVE-2009-0037 page", url: "https://www.suse.com/security/cve/CVE-2009-0037/", }, { category: "self", summary: "SUSE CVE CVE-2009-2417 page", url: "https://www.suse.com/security/cve/CVE-2009-2417/", }, { category: "self", summary: "SUSE CVE CVE-2013-0249 page", url: "https://www.suse.com/security/cve/CVE-2013-0249/", }, { category: "self", summary: "SUSE CVE CVE-2013-1944 page", url: "https://www.suse.com/security/cve/CVE-2013-1944/", }, { category: "self", summary: "SUSE CVE CVE-2013-2174 page", url: "https://www.suse.com/security/cve/CVE-2013-2174/", }, { category: "self", summary: "SUSE CVE CVE-2013-4545 page", url: "https://www.suse.com/security/cve/CVE-2013-4545/", }, { category: "self", summary: "SUSE CVE CVE-2014-0015 page", url: "https://www.suse.com/security/cve/CVE-2014-0015/", }, { category: "self", summary: "SUSE CVE CVE-2014-0138 page", url: "https://www.suse.com/security/cve/CVE-2014-0138/", }, { category: "self", summary: "SUSE CVE CVE-2014-0139 page", url: "https://www.suse.com/security/cve/CVE-2014-0139/", }, { category: "self", summary: "SUSE CVE CVE-2014-3613 page", url: "https://www.suse.com/security/cve/CVE-2014-3613/", }, { category: "self", summary: "SUSE CVE CVE-2014-3620 page", url: "https://www.suse.com/security/cve/CVE-2014-3620/", }, { category: "self", summary: "SUSE CVE CVE-2014-8150 page", url: "https://www.suse.com/security/cve/CVE-2014-8150/", }, { category: "self", summary: "SUSE CVE CVE-2015-3143 page", url: "https://www.suse.com/security/cve/CVE-2015-3143/", }, { category: "self", summary: "SUSE CVE CVE-2015-3144 page", url: "https://www.suse.com/security/cve/CVE-2015-3144/", }, { category: "self", summary: "SUSE CVE CVE-2015-3145 page", url: "https://www.suse.com/security/cve/CVE-2015-3145/", }, { category: "self", summary: "SUSE CVE CVE-2015-3148 page", url: "https://www.suse.com/security/cve/CVE-2015-3148/", }, { category: "self", summary: "SUSE CVE CVE-2015-3153 page", url: "https://www.suse.com/security/cve/CVE-2015-3153/", }, { category: "self", summary: "SUSE CVE CVE-2015-3236 page", url: "https://www.suse.com/security/cve/CVE-2015-3236/", }, { category: "self", summary: "SUSE CVE CVE-2015-3237 page", url: "https://www.suse.com/security/cve/CVE-2015-3237/", }, { category: "self", summary: "SUSE CVE CVE-2016-0755 page", url: "https://www.suse.com/security/cve/CVE-2016-0755/", }, { category: "self", summary: "SUSE CVE CVE-2016-7167 page", url: "https://www.suse.com/security/cve/CVE-2016-7167/", }, { category: "self", summary: "SUSE CVE CVE-2016-8615 page", url: "https://www.suse.com/security/cve/CVE-2016-8615/", }, { category: "self", summary: "SUSE CVE CVE-2016-8616 page", url: "https://www.suse.com/security/cve/CVE-2016-8616/", }, { category: "self", summary: "SUSE CVE CVE-2016-8617 page", url: "https://www.suse.com/security/cve/CVE-2016-8617/", }, { category: "self", summary: "SUSE CVE CVE-2016-8618 page", url: "https://www.suse.com/security/cve/CVE-2016-8618/", }, { category: "self", summary: "SUSE CVE CVE-2016-8619 page", url: "https://www.suse.com/security/cve/CVE-2016-8619/", }, { category: "self", summary: "SUSE CVE CVE-2016-8620 page", url: "https://www.suse.com/security/cve/CVE-2016-8620/", }, { category: "self", summary: "SUSE CVE CVE-2016-8621 page", url: "https://www.suse.com/security/cve/CVE-2016-8621/", }, { category: "self", summary: "SUSE CVE CVE-2016-8622 page", url: "https://www.suse.com/security/cve/CVE-2016-8622/", }, { category: "self", summary: "SUSE CVE CVE-2016-8623 page", url: "https://www.suse.com/security/cve/CVE-2016-8623/", }, { category: "self", summary: "SUSE CVE CVE-2016-8624 page", url: "https://www.suse.com/security/cve/CVE-2016-8624/", }, { category: "self", summary: "SUSE CVE CVE-2016-8625 page", url: "https://www.suse.com/security/cve/CVE-2016-8625/", }, ], title: "curl-7.51.0-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10303-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "curl-7.51.0-1.1.aarch64", product: { name: "curl-7.51.0-1.1.aarch64", product_id: "curl-7.51.0-1.1.aarch64", }, }, { category: "product_version", name: "libcurl-devel-7.51.0-1.1.aarch64", product: { name: "libcurl-devel-7.51.0-1.1.aarch64", product_id: "libcurl-devel-7.51.0-1.1.aarch64", }, }, { category: "product_version", name: "libcurl-devel-32bit-7.51.0-1.1.aarch64", product: { name: "libcurl-devel-32bit-7.51.0-1.1.aarch64", product_id: "libcurl-devel-32bit-7.51.0-1.1.aarch64", }, }, { category: "product_version", name: "libcurl4-7.51.0-1.1.aarch64", product: { name: "libcurl4-7.51.0-1.1.aarch64", product_id: "libcurl4-7.51.0-1.1.aarch64", }, }, { category: "product_version", name: "libcurl4-32bit-7.51.0-1.1.aarch64", product: { name: "libcurl4-32bit-7.51.0-1.1.aarch64", product_id: "libcurl4-32bit-7.51.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "curl-7.51.0-1.1.ppc64le", product: { name: "curl-7.51.0-1.1.ppc64le", product_id: "curl-7.51.0-1.1.ppc64le", }, }, { category: "product_version", name: "libcurl-devel-7.51.0-1.1.ppc64le", product: { name: "libcurl-devel-7.51.0-1.1.ppc64le", product_id: "libcurl-devel-7.51.0-1.1.ppc64le", }, }, { category: "product_version", name: "libcurl-devel-32bit-7.51.0-1.1.ppc64le", product: { name: "libcurl-devel-32bit-7.51.0-1.1.ppc64le", product_id: "libcurl-devel-32bit-7.51.0-1.1.ppc64le", }, }, { category: "product_version", name: "libcurl4-7.51.0-1.1.ppc64le", product: { name: "libcurl4-7.51.0-1.1.ppc64le", product_id: "libcurl4-7.51.0-1.1.ppc64le", }, }, { category: "product_version", name: "libcurl4-32bit-7.51.0-1.1.ppc64le", product: { name: "libcurl4-32bit-7.51.0-1.1.ppc64le", product_id: "libcurl4-32bit-7.51.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "curl-7.51.0-1.1.s390x", product: { name: "curl-7.51.0-1.1.s390x", product_id: "curl-7.51.0-1.1.s390x", }, }, { category: "product_version", name: "libcurl-devel-7.51.0-1.1.s390x", product: { name: "libcurl-devel-7.51.0-1.1.s390x", product_id: "libcurl-devel-7.51.0-1.1.s390x", }, }, { category: "product_version", name: "libcurl-devel-32bit-7.51.0-1.1.s390x", product: { name: "libcurl-devel-32bit-7.51.0-1.1.s390x", product_id: "libcurl-devel-32bit-7.51.0-1.1.s390x", }, }, { category: "product_version", name: "libcurl4-7.51.0-1.1.s390x", product: { name: "libcurl4-7.51.0-1.1.s390x", product_id: "libcurl4-7.51.0-1.1.s390x", }, }, { category: "product_version", name: "libcurl4-32bit-7.51.0-1.1.s390x", product: { name: "libcurl4-32bit-7.51.0-1.1.s390x", product_id: "libcurl4-32bit-7.51.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "curl-7.51.0-1.1.x86_64", product: { name: "curl-7.51.0-1.1.x86_64", product_id: "curl-7.51.0-1.1.x86_64", }, }, { category: "product_version", name: "libcurl-devel-7.51.0-1.1.x86_64", product: { name: "libcurl-devel-7.51.0-1.1.x86_64", product_id: "libcurl-devel-7.51.0-1.1.x86_64", }, }, { category: "product_version", name: "libcurl-devel-32bit-7.51.0-1.1.x86_64", product: { name: "libcurl-devel-32bit-7.51.0-1.1.x86_64", product_id: "libcurl-devel-32bit-7.51.0-1.1.x86_64", }, }, { category: "product_version", name: "libcurl4-7.51.0-1.1.x86_64", product: { name: "libcurl4-7.51.0-1.1.x86_64", product_id: "libcurl4-7.51.0-1.1.x86_64", }, }, { category: "product_version", name: "libcurl4-32bit-7.51.0-1.1.x86_64", product: { name: "libcurl4-32bit-7.51.0-1.1.x86_64", product_id: "libcurl4-32bit-7.51.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", }, product_reference: "curl-7.51.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "curl-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", }, product_reference: "curl-7.51.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "curl-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", }, product_reference: "curl-7.51.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "curl-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", }, product_reference: "curl-7.51.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", }, product_reference: "libcurl-devel-7.51.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", }, product_reference: "libcurl-devel-7.51.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", }, product_reference: "libcurl-devel-7.51.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", }, product_reference: "libcurl-devel-7.51.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-32bit-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", }, product_reference: "libcurl-devel-32bit-7.51.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-32bit-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", }, product_reference: "libcurl-devel-32bit-7.51.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-32bit-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", }, product_reference: "libcurl-devel-32bit-7.51.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-32bit-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", }, product_reference: "libcurl-devel-32bit-7.51.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", }, product_reference: "libcurl4-7.51.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", }, product_reference: "libcurl4-7.51.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", }, product_reference: "libcurl4-7.51.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", }, product_reference: "libcurl4-7.51.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", }, product_reference: "libcurl4-32bit-7.51.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", }, product_reference: "libcurl4-32bit-7.51.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", }, product_reference: "libcurl4-32bit-7.51.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libcurl4-32bit-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", }, product_reference: "libcurl4-32bit-7.51.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0037", }, ], notes: [ { category: "general", text: "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0037", url: "https://www.suse.com/security/cve/CVE-2009-0037", }, { category: "external", summary: "SUSE Bug 475103 for CVE-2009-0037", url: "https://bugzilla.suse.com/475103", }, { category: "external", summary: "SUSE Bug 527990 for CVE-2009-0037", url: "https://bugzilla.suse.com/527990", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0037", }, { cve: "CVE-2009-2417", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-2417", }, ], notes: [ { category: "general", text: "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-2417", url: "https://www.suse.com/security/cve/CVE-2009-2417", }, { category: "external", summary: "SUSE Bug 527990 for CVE-2009-2417", url: "https://bugzilla.suse.com/527990", }, { category: "external", summary: "SUSE Bug 528372 for CVE-2009-2417", url: "https://bugzilla.suse.com/528372", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-2417", }, { cve: "CVE-2013-0249", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-0249", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-0249", url: "https://www.suse.com/security/cve/CVE-2013-0249", }, { category: "external", summary: "SUSE Bug 802411 for CVE-2013-0249", url: "https://bugzilla.suse.com/802411", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2013-0249", }, { cve: "CVE-2013-1944", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1944", }, ], notes: [ { category: "general", text: "The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1944", url: "https://www.suse.com/security/cve/CVE-2013-1944", }, { category: "external", summary: "SUSE Bug 814655 for CVE-2013-1944", url: "https://bugzilla.suse.com/814655", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2013-1944", }, { cve: "CVE-2013-2174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2174", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2174", url: "https://www.suse.com/security/cve/CVE-2013-2174", }, { category: "external", summary: "SUSE Bug 824517 for CVE-2013-2174", url: "https://bugzilla.suse.com/824517", }, { category: "external", summary: "SUSE Bug 917692 for CVE-2013-2174", url: "https://bugzilla.suse.com/917692", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-2174", }, { cve: "CVE-2013-4545", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-4545", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-4545", url: "https://www.suse.com/security/cve/CVE-2013-4545", }, { category: "external", summary: "SUSE Bug 849596 for CVE-2013-4545", url: "https://bugzilla.suse.com/849596", }, { category: "external", summary: "SUSE Bug 870444 for CVE-2013-4545", url: "https://bugzilla.suse.com/870444", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2013-4545", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2013-4545", url: "https://bugzilla.suse.com/882520", }, { category: "external", summary: "SUSE Bug 924250 for CVE-2013-4545", url: "https://bugzilla.suse.com/924250", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-4545", }, { cve: "CVE-2014-0015", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0015", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0015", url: "https://www.suse.com/security/cve/CVE-2014-0015", }, { category: "external", summary: "SUSE Bug 858673 for CVE-2014-0015", url: "https://bugzilla.suse.com/858673", }, { category: "external", summary: "SUSE Bug 868627 for CVE-2014-0015", url: "https://bugzilla.suse.com/868627", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2014-0015", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2014-0015", url: "https://bugzilla.suse.com/882520", }, { category: "external", summary: "SUSE Bug 927556 for CVE-2014-0015", url: "https://bugzilla.suse.com/927556", }, { category: "external", summary: "SUSE Bug 962983 for CVE-2014-0015", url: "https://bugzilla.suse.com/962983", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2014-0015", }, { cve: "CVE-2014-0138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0138", }, ], notes: [ { category: "general", text: "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0138", url: "https://www.suse.com/security/cve/CVE-2014-0138", }, { category: "external", summary: "SUSE Bug 868627 for CVE-2014-0138", url: "https://bugzilla.suse.com/868627", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2014-0138", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2014-0138", url: "https://bugzilla.suse.com/882520", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0138", }, { cve: "CVE-2014-0139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0139", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0139", url: "https://www.suse.com/security/cve/CVE-2014-0139", }, { category: "external", summary: "SUSE Bug 868629 for CVE-2014-0139", url: "https://bugzilla.suse.com/868629", }, { category: "external", summary: "SUSE Bug 880252 for CVE-2014-0139", url: "https://bugzilla.suse.com/880252", }, { category: "external", summary: "SUSE Bug 882520 for CVE-2014-0139", url: "https://bugzilla.suse.com/882520", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0139", }, { cve: "CVE-2014-3613", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3613", }, ], notes: [ { category: "general", text: "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3613", url: "https://www.suse.com/security/cve/CVE-2014-3613", }, { category: "external", summary: "SUSE Bug 894575 for CVE-2014-3613", url: "https://bugzilla.suse.com/894575", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3613", }, { cve: "CVE-2014-3620", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3620", }, ], notes: [ { category: "general", text: "cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3620", url: "https://www.suse.com/security/cve/CVE-2014-3620", }, { category: "external", summary: "SUSE Bug 1199221 for CVE-2014-3620", url: "https://bugzilla.suse.com/1199221", }, { category: "external", summary: "SUSE Bug 894575 for CVE-2014-3620", url: "https://bugzilla.suse.com/894575", }, { category: "external", summary: "SUSE Bug 895991 for CVE-2014-3620", url: "https://bugzilla.suse.com/895991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3620", }, { cve: "CVE-2014-8150", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8150", }, ], notes: [ { category: "general", text: "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8150", url: "https://www.suse.com/security/cve/CVE-2014-8150", }, { category: "external", summary: "SUSE Bug 911363 for CVE-2014-8150", url: "https://bugzilla.suse.com/911363", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2014-8150", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-8150", }, { cve: "CVE-2015-3143", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3143", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3143", url: "https://www.suse.com/security/cve/CVE-2015-3143", }, { category: "external", summary: "SUSE Bug 927556 for CVE-2015-3143", url: "https://bugzilla.suse.com/927556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-3143", }, { cve: "CVE-2015-3144", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3144", }, ], notes: [ { category: "general", text: "The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3144", url: "https://www.suse.com/security/cve/CVE-2015-3144", }, { category: "external", summary: "SUSE Bug 927608 for CVE-2015-3144", url: "https://bugzilla.suse.com/927608", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2015-3144", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-3144", }, { cve: "CVE-2015-3145", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3145", }, ], notes: [ { category: "general", text: "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3145", url: "https://www.suse.com/security/cve/CVE-2015-3145", }, { category: "external", summary: "SUSE Bug 927607 for CVE-2015-3145", url: "https://bugzilla.suse.com/927607", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-3145", }, { cve: "CVE-2015-3148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3148", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3148", url: "https://www.suse.com/security/cve/CVE-2015-3148", }, { category: "external", summary: "SUSE Bug 1092962 for CVE-2015-3148", url: "https://bugzilla.suse.com/1092962", }, { category: "external", summary: "SUSE Bug 927746 for CVE-2015-3148", url: "https://bugzilla.suse.com/927746", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-3148", }, { cve: "CVE-2015-3153", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3153", }, ], notes: [ { category: "general", text: "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3153", url: "https://www.suse.com/security/cve/CVE-2015-3153", }, { category: "external", summary: "SUSE Bug 928533 for CVE-2015-3153", url: "https://bugzilla.suse.com/928533", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2015-3153", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-3153", }, { cve: "CVE-2015-3236", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3236", }, ], notes: [ { category: "general", text: "cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3236", url: "https://www.suse.com/security/cve/CVE-2015-3236", }, { category: "external", summary: "SUSE Bug 934501 for CVE-2015-3236", url: "https://bugzilla.suse.com/934501", }, { category: "external", summary: "SUSE Bug 951391 for CVE-2015-3236", url: "https://bugzilla.suse.com/951391", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-3236", }, { cve: "CVE-2015-3237", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3237", }, ], notes: [ { category: "general", text: "The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3237", url: "https://www.suse.com/security/cve/CVE-2015-3237", }, { category: "external", summary: "SUSE Bug 934502 for CVE-2015-3237", url: "https://bugzilla.suse.com/934502", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-3237", }, { cve: "CVE-2016-0755", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0755", }, ], notes: [ { category: "general", text: "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0755", url: "https://www.suse.com/security/cve/CVE-2016-0755", }, { category: "external", summary: "SUSE Bug 962983 for CVE-2016-0755", url: "https://bugzilla.suse.com/962983", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-0755", }, { cve: "CVE-2016-7167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7167", }, ], notes: [ { category: "general", text: "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7167", url: "https://www.suse.com/security/cve/CVE-2016-7167", }, { category: "external", summary: "SUSE Bug 998760 for CVE-2016-7167", url: "https://bugzilla.suse.com/998760", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7167", }, { cve: "CVE-2016-8615", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8615", }, ], notes: [ { category: "general", text: "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8615", url: "https://www.suse.com/security/cve/CVE-2016-8615", }, { category: "external", summary: "SUSE Bug 1005633 for CVE-2016-8615", url: "https://bugzilla.suse.com/1005633", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8615", }, { cve: "CVE-2016-8616", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8616", }, ], notes: [ { category: "general", text: "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8616", url: "https://www.suse.com/security/cve/CVE-2016-8616", }, { category: "external", summary: "SUSE Bug 1005634 for CVE-2016-8616", url: "https://bugzilla.suse.com/1005634", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8616", }, { cve: "CVE-2016-8617", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8617", }, ], notes: [ { category: "general", text: "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8617", url: "https://www.suse.com/security/cve/CVE-2016-8617", }, { category: "external", summary: "SUSE Bug 1005635 for CVE-2016-8617", url: "https://bugzilla.suse.com/1005635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8617", }, { cve: "CVE-2016-8618", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8618", }, ], notes: [ { category: "general", text: "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8618", url: "https://www.suse.com/security/cve/CVE-2016-8618", }, { category: "external", summary: "SUSE Bug 1005637 for CVE-2016-8618", url: "https://bugzilla.suse.com/1005637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8618", }, { cve: "CVE-2016-8619", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8619", }, ], notes: [ { category: "general", text: "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8619", url: "https://www.suse.com/security/cve/CVE-2016-8619", }, { category: "external", summary: "SUSE Bug 1005638 for CVE-2016-8619", url: "https://bugzilla.suse.com/1005638", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8619", }, { cve: "CVE-2016-8620", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8620", }, ], notes: [ { category: "general", text: "The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8620", url: "https://www.suse.com/security/cve/CVE-2016-8620", }, { category: "external", summary: "SUSE Bug 1005640 for CVE-2016-8620", url: "https://bugzilla.suse.com/1005640", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8620", }, { cve: "CVE-2016-8621", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8621", }, ], notes: [ { category: "general", text: "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8621", url: "https://www.suse.com/security/cve/CVE-2016-8621", }, { category: "external", summary: "SUSE Bug 1005642 for CVE-2016-8621", url: "https://bugzilla.suse.com/1005642", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8621", }, { cve: "CVE-2016-8622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8622", }, ], notes: [ { category: "general", text: "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8622", url: "https://www.suse.com/security/cve/CVE-2016-8622", }, { category: "external", summary: "SUSE Bug 1005643 for CVE-2016-8622", url: "https://bugzilla.suse.com/1005643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8622", }, { cve: "CVE-2016-8623", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8623", }, ], notes: [ { category: "general", text: "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8623", url: "https://www.suse.com/security/cve/CVE-2016-8623", }, { category: "external", summary: "SUSE Bug 1005645 for CVE-2016-8623", url: "https://bugzilla.suse.com/1005645", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8623", }, { cve: "CVE-2016-8624", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8624", }, ], notes: [ { category: "general", text: "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8624", url: "https://www.suse.com/security/cve/CVE-2016-8624", }, { category: "external", summary: "SUSE Bug 1005646 for CVE-2016-8624", url: "https://bugzilla.suse.com/1005646", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8624", }, { cve: "CVE-2016-8625", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8625", }, ], notes: [ { category: "general", text: "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8625", url: "https://www.suse.com/security/cve/CVE-2016-8625", }, { category: "external", summary: "SUSE Bug 1005649 for CVE-2016-8625", url: "https://bugzilla.suse.com/1005649", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-8625", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.