var-201504-0150
Vulnerability from variot
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. cURL/libcURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.
Background
cURL is a tool and libcurl is a library for transferring data with URL syntax.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
[ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . This is similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This could
allow remote attackers to cause a denial of service (crash). This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This could allow remote attackers to
cause a denial of service (crash). This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.
We recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04986859
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04986859 Version: 1
HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-19 Last Updated: 2016-02-19
Potential Security Impact: Remote Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access.
References:
- CVE-2015-3143
- CVE-2015-3148
- SSRT102110
- PSRT110028
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in Comware 7 and iMC Plat.
COMWARE 7 Products
- 12500 (Comware 7) R7375
- HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
- JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
- JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
- JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
- JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
- JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
- JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
- JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
- JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
- JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
- JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
- JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module
- JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
- JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
- JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
- JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
- JG798A HP FlexFabric 12508E Fabric Module
- H3C Products
- H3C S12508 Routing Switch (AC-1) (0235A0GE)
- H3C S12518 Routing Switch (AC-1) (0235A0GF)
- H3C S12508 Chassis (0235A0E6)
- H3C S12508 Chassis (0235A38N)
- H3C S12518 Chassis (0235A0E7)
- H3C S12518 Chassis (0235A38M)
- H3C 12508 DC Switch Chassis (0235A38L)
- H3C 12518 DC Switch Chassis (0235A38K)
- 10500 (Comware 7) R7168
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module
- JH192A HP 10500 48-port Gig-T (RJ45) SE Module
- JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
- JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
- JH195A HP 10500 6-port 40GbE QSFP+ EC Module
- JH196A HP 10500 2-port 100GbE CFP EC Module
- JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
- 12900 (Comware 7) R1137
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- 5920 (Comware 7) R2422P01
- HP Network Products
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
- MSR1000 (Comware 7) R0304P04
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) R0304P04
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) R0304P04
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) R0304P04
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) E0321
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) R2137
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) R3109P09
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- 5700 (Comware 7) R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6602 (Comware 7) R7103P05
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) R7103P05
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 R3109P09
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
iMC
- iMC Plat iMC Plat 7.1 (E0303P13)
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
HISTORY Version:1 (rev.1) - 19 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security, bug fix, and enhancement update Advisory ID: RHSA-2015:1254-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html Issue date: 2015-07-22 Updated on: 2014-12-15 CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148 =====================================================================
- Summary:
Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and Negotatiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specifc way, certain requests to a previously NTLM-authenticated server could appears as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
-
An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)
-
A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)
-
Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)
-
Using the "--retry" option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding "--retry" no longer causes curl to crash. (BZ#1009455)
-
The "curl --trace-time" command did not use the correct local time when printing timestamps. Now, "curl --trace-time" works as expected. (BZ#1120196)
-
The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)
-
Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
-
The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The "--tlsv1" option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)
-
It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
835898 - Bug in DNS cache causes connections until restart of libcurl-using processes 883002 - curl used with file:// protocol opens and closes a destination file twice 997185 - sendrecv.c example incorrect type for sockfd 1008178 - curl scp download fails in fips mode 1011083 - CA certificate cannot be specified by nickname [documentation bug] 1011101 - manpage typos found using aspell 1058767 - curl does not support ECDSA certificates 1104160 - Link in curl man page is wrong 1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain 1154059 - curl: Disable out-of-protocol fallback to SSL 3.0 1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth 1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS 1156422 - curl does not allow explicit control of DHE ciphers 1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE 1168137 - curl closes connection after HEAD request fails 1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() 1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated 1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
ppc64: curl-7.19.7-46.el6.ppc64.rpm curl-debuginfo-7.19.7-46.el6.ppc.rpm curl-debuginfo-7.19.7-46.el6.ppc64.rpm libcurl-7.19.7-46.el6.ppc.rpm libcurl-7.19.7-46.el6.ppc64.rpm libcurl-devel-7.19.7-46.el6.ppc.rpm libcurl-devel-7.19.7-46.el6.ppc64.rpm
s390x: curl-7.19.7-46.el6.s390x.rpm curl-debuginfo-7.19.7-46.el6.s390.rpm curl-debuginfo-7.19.7-46.el6.s390x.rpm libcurl-7.19.7-46.el6.s390.rpm libcurl-7.19.7-46.el6.s390x.rpm libcurl-devel-7.19.7-46.el6.s390.rpm libcurl-devel-7.19.7-46.el6.s390x.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3613 https://access.redhat.com/security/cve/CVE-2014-3707 https://access.redhat.com/security/cve/CVE-2014-8150 https://access.redhat.com/security/cve/CVE-2015-3143 https://access.redhat.com/security/cve/CVE-2015-3148 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn emWApg/iYw5vIs3rWoqmU7A= =p+Xb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://advisories.mageia.org/MGASA-2015-0179.html
Updated Packages:
Mandriva Business Server 2/X86_64: b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0150", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.28.1" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.12.1" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.13.1" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.16.3" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.13.0" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.12.2" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.16.2" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.13.2" }, { "model": "curl", "scope": "eq", "trust": 1.6, "vendor": "haxx", "version": "7.12.3" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.18.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.14.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.29.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.18.2" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.14.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.30.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.24.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.5" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.10.6" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.33.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.13.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.23.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.4" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.5" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.13.1" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.18.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.11.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.5" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.22.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.32.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.20.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.3" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.12.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.13.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.17.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.20.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.2" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.31.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.40.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.10.7" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.12.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.35.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.3" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.36.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.7" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.6" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.10.8" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.11.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.23.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.26.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.6" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.17.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.18.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.14.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.41.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.30.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.3" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.10.6" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.3" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.34.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.25.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.28.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.5" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.04" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.18.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.22.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.11.2" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.2" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.27.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.32.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.38.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.7" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.11.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.20.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.28.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.31.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.40.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.12.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.12.3" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.29.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.18.2" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.14.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.24.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.39" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.5" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.10.8" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.23.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.11.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.33.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.17.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.26.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.23.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.41.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "22" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.3" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.5" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.3" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.3" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.34.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.28.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.39.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "21" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.25.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.20.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.10" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.3" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.17.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.2" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.12.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.10.7" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.35.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.15.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.27.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.36.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.7" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.16.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.19.6" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.38.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.4" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.7" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.11.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.21.6" }, { "model": "system management homepage", "scope": "lte", "trust": 1.0, "vendor": "hp", "version": "7.5.3.1" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "7.0" }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "curl", "scope": "eq", "trust": 0.8, "vendor": "haxx", "version": "7.10.6 to 7.41.0" }, { "model": "libcurl", "scope": "eq", "trust": 0.8, "vendor": "haxx", "version": "7.10.6 to 7.41.0" }, { "model": "opensuse", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.4" }, { "model": "comware", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hpe intelligent management center plat", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.6, "vendor": "novell", "version": "13.2" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "74301" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "CNNVD", "id": "CNNVD-201504-503" }, { "db": "NVD", "id": "CVE-2015-3148" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3148" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Isaac Boukris", "sources": [ { "db": "BID", "id": "74301" } ], "trust": 0.3 }, "cve": "CVE-2015-3148", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-3148", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-81109", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-3148", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201504-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81109", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-3148", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-81109" }, { "db": "VULMON", "id": "CVE-2015-3148" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "CNNVD", "id": "CNNVD-201504-503" }, { "db": "NVD", "id": "CVE-2015-3148" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. cURL/libcURL is prone to a remote security-bypass vulnerability. \nAn attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \ncURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201509-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: September 24, 2015\n Bugs: #547376, #552618\n ID: 201509-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncan allow remote attackers to cause Denial of Service condition. \n\nBackground\n==========\n\ncURL is a tool and libcurl is a library for transferring data with URL\nsyntax. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.43.0 \u003e= 7.43.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.43.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143\n[ 2 ] CVE-2015-3144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144\n[ 3 ] CVE-2015-3145\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145\n[ 4 ] CVE-2015-3148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148\n[ 5 ] CVE-2015-3236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236\n[ 6 ] CVE-2015-3237\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201509-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is\n similar to the issue fixed in DSA-2849-1. \n\nCVE-2015-3144\n\n When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n libcurl would try to read from an invalid memory address. This could\n allow remote attackers to cause a denial of service (crash). This\n issue only affects the upcoming stable (jessie) and unstable (sid)\n distributions. \n\nCVE-2015-3145\n\n When parsing HTTP cookies, if the parsed cookie\u0027s \"path\" element\n consists of a single double-quote, libcurl would try to write to an\n invalid heap memory address. This could allow remote attackers to\n cause a denial of service (crash). This issue only affects the\n upcoming stable (jessie) and unstable (sid) distributions. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1. \n\nWe recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04986859\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04986859\nVersion: 1\n\nHPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware\n7 and cURL, Remote Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-19\nLast Updated: 2016-02-19\n\nPotential Security Impact: Remote Unauthorized Access\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in cURL and libcurl have been addressed\nwith HPE iMC PLAT and other HP and H3C products using Comware 7. The\nvulnerabilities could be exploited remotely resulting in unauthorized access. \n\nReferences:\n\n - CVE-2015-3143\n - CVE-2015-3148\n - SSRT102110\n - PSRT110028\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in Comware 7 and iMC Plat. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) R7375\n * HP Network Products\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JC072B HP 12500 Main Processing Unit\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n - JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis\n - JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis\n - JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis\n - JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis\n - JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit\n - JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module\n - JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module\n - JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module\n - JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module\n - JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module\n - JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module\n - JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module\n - JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule\n - JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module\n - JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module\n - JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module\n - JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module\n - JG798A HP FlexFabric 12508E Fabric Module\n * H3C Products\n - H3C S12508 Routing Switch (AC-1) (0235A0GE)\n - H3C S12518 Routing Switch (AC-1) (0235A0GF)\n - H3C S12508 Chassis (0235A0E6)\n - H3C S12508 Chassis (0235A38N)\n - H3C S12518 Chassis (0235A0E7)\n - H3C S12518 Chassis (0235A38M)\n - H3C 12508 DC Switch Chassis (0235A38L)\n - H3C 12518 DC Switch Chassis (0235A38K)\n + 10500 (Comware 7) R7168\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE\nModule\n - JH192A HP 10500 48-port Gig-T (RJ45) SE Module\n - JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module\n - JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module\n - JH195A HP 10500 6-port 40GbE QSFP+ EC Module\n - JH196A HP 10500 2-port 100GbE CFP EC Module\n - JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module\n + 12900 (Comware 7) R1137\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + 5900 (Comware 7) R2422P01\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + 5920 (Comware 7) R2422P01\n * HP Network Products\n - JG296A HP 5920AF-24XG Switch\n - JG555A HP 5920AF-24XG TAA Switch\n + MSR1000 (Comware 7) R0304P04\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + MSR2000 (Comware 7) R0304P04\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + MSR3000 (Comware 7) R0304P04\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + MSR4000 (Comware 7) R0304P04\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + VSR (Comware 7) E0321\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + 7900 (Comware 7) R2137\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + 5130 (Comware 7) R3109P09\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n + 5700 (Comware 7) R2422P01\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + 5930 (Comware 7) R2422P01\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + HSR6602 (Comware 7) R7103P05\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + HSR6800 (Comware 7) R7103P05\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n - JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit\n + 1950 R3109P09\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n\n**iMC**\n\n + iMC Plat iMC Plat 7.1 (E0303P13)\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n - JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n - JG659AAE HP IMC Smart Connect VAE E-LTU\n - JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\n - JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 19 February 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndaf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:1254-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html\nIssue date: 2015-07-22\nUpdated on: 2014-12-15\nCVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 \n CVE-2015-3143 CVE-2015-3148 \n=====================================================================\n\n1. Summary:\n\nUpdated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user\u0027s cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle\u0027s duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues. \n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API. \n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. The file is now opened only once per upload. \n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected. \n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS. \nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n835898 - Bug in DNS cache causes connections until restart of libcurl-using processes\n883002 - curl used with file:// protocol opens and closes a destination file twice\n997185 - sendrecv.c example incorrect type for sockfd\n1008178 - curl scp download fails in fips mode\n1011083 - CA certificate cannot be specified by nickname [documentation bug]\n1011101 - manpage typos found using aspell\n1058767 - curl does not support ECDSA certificates\n1104160 - Link in curl man page is wrong\n1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain\n1154059 - curl: Disable out-of-protocol fallback to SSL 3.0\n1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth\n1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS\n1156422 - curl does not allow explicit control of DHE ciphers\n1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE\n1168137 - curl closes connection after HEAD request fails\n1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()\n1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated\n1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nppc64:\ncurl-7.19.7-46.el6.ppc64.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc64.rpm\nlibcurl-7.19.7-46.el6.ppc.rpm\nlibcurl-7.19.7-46.el6.ppc64.rpm\nlibcurl-devel-7.19.7-46.el6.ppc.rpm\nlibcurl-devel-7.19.7-46.el6.ppc64.rpm\n\ns390x:\ncurl-7.19.7-46.el6.s390x.rpm\ncurl-debuginfo-7.19.7-46.el6.s390.rpm\ncurl-debuginfo-7.19.7-46.el6.s390x.rpm\nlibcurl-7.19.7-46.el6.s390.rpm\nlibcurl-7.19.7-46.el6.s390x.rpm\nlibcurl-devel-7.19.7-46.el6.s390.rpm\nlibcurl-devel-7.19.7-46.el6.s390x.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3613\nhttps://access.redhat.com/security/cve/CVE-2014-3707\nhttps://access.redhat.com/security/cve/CVE-2014-8150\nhttps://access.redhat.com/security/cve/CVE-2015-3143\nhttps://access.redhat.com/security/cve/CVE-2015-3148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn\nemWApg/iYw5vIs3rWoqmU7A=\n=p+Xb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm\n 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm\n 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm\n f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm \n 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security", "sources": [ { "db": "NVD", "id": "CVE-2015-3148" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "BID", "id": "74301" }, { "db": "VULHUB", "id": "VHN-81109" }, { "db": "VULMON", "id": "CVE-2015-3148" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "135878" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "132792" }, { "db": "PACKETSTORM", "id": "131727" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3148", "trust": 3.5 }, { "db": "BID", "id": "74301", "trust": 1.5 }, { "db": "SECTRACK", "id": "1032232", "trust": 1.2 }, { "db": "JUNIPER", "id": "JSA10743", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2015-002487", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201504-503", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0637", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-81109", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-3148", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131588", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135878", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134138", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131727", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81109" }, { "db": "VULMON", "id": "CVE-2015-3148" }, { "db": "BID", "id": "74301" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "135878" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "132792" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-503" }, { "db": "NVD", "id": "CVE-2015-3148" } ] }, "id": "VAR-201504-0150", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-81109" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:23:08.257000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "title": "HT205031", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205031" }, { "title": "HT205031", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht205031" }, { "title": "DSA-3232", "trust": 0.8, "url": "https://www.debian.org/security/2015/dsa-3232" }, { "title": "FEDORA-2015-6695", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html" }, { "title": "FEDORA-2015-6728", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html" }, { "title": "FEDORA-2015-6853", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html" }, { "title": "FEDORA-2015-6864", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html" }, { "title": "HPSBHF03544", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=145612005512270\u0026w=2" }, { "title": "HPSBMU03546", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763" }, { "title": "openSUSE-SU-2015:0799", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "title": "Negotiate not treated as connection-oriented", "trust": 0.8, "url": "http://curl.haxx.se/docs/adv_20150422b.html" }, { "title": "USN-2591-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2591-1" }, { "title": "curl-curl-7_42_0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55216" }, { "title": "curl-curl-7_42_0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55215" }, { "title": "Red Hat: Moderate: curl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170847 - security advisory" }, { "title": "Red Hat: Moderate: curl security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152159 - security advisory" }, { "title": "Red Hat: CVE-2015-3148", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3148" }, { "title": "Ubuntu Security Notice: curl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2591-1" }, { "title": "Debian Security Advisories: DSA-3232-1 curl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6e7bbc3a8db398caa606cf6110790ac9" }, { "title": "Amazon Linux AMI: ALAS-2015-514", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-514" }, { "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3148" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "CNNVD", "id": "CNNVD-201504-503" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-284", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81109" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "NVD", "id": "CVE-2015-3148" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://advisories.mageia.org/mgasa-2015-0179.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/74301" }, { "trust": 1.3, "url": "https://security.gentoo.org/glsa/201509-02" }, { "trust": 1.3, "url": "http://rhn.redhat.com/errata/rhsa-2015-1254.html" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 1.2, "url": "http://curl.haxx.se/docs/adv_20150422b.html" }, { "trust": 1.2, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 1.2, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.2, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763" }, { "trust": 1.2, "url": "https://support.apple.com/kb/ht205031" }, { "trust": 1.2, "url": "http://www.debian.org/security/2015/dsa-3232" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html" }, { "trust": 1.2, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219" }, { "trust": 1.2, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:220" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1032232" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2591-1" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=145612005512270\u0026w=2" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3148" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0637" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3145" }, { "trust": 0.3, "url": "http://curl.haxx.se/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3144" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3148" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3236" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145612005512270\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/284.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2017:0847" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2591-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38683" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://:80\")," }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3143" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3613" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3707" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8150" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3613" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3707" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8150" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-81109" }, { "db": "VULMON", "id": "CVE-2015-3148" }, { "db": "BID", "id": "74301" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "135878" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "132792" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-503" }, { "db": "NVD", "id": "CVE-2015-3148" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-81109" }, { "db": "VULMON", "id": "CVE-2015-3148" }, { "db": "BID", "id": "74301" }, { "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "135878" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "132792" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-503" }, { "db": "NVD", "id": "CVE-2015-3148" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-24T00:00:00", "db": "VULHUB", "id": "VHN-81109" }, { "date": "2015-04-24T00:00:00", "db": "VULMON", "id": "CVE-2015-3148" }, { "date": "2015-04-23T00:00:00", "db": "BID", "id": "74301" }, { "date": "2015-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "date": "2015-09-25T06:54:51", "db": "PACKETSTORM", "id": "133700" }, { "date": "2015-04-22T20:15:37", "db": "PACKETSTORM", "id": "131588" }, { "date": "2016-02-23T05:11:25", "db": "PACKETSTORM", "id": "135878" }, { "date": "2015-10-30T23:23:03", "db": "PACKETSTORM", "id": "134138" }, { "date": "2015-07-22T17:57:59", "db": "PACKETSTORM", "id": "132792" }, { "date": "2015-05-04T17:18:27", "db": "PACKETSTORM", "id": "131727" }, { "date": "2015-04-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-503" }, { "date": "2015-04-24T14:59:11", "db": "NVD", "id": "CVE-2015-3148" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-81109" }, { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2015-3148" }, { "date": "2016-07-05T22:09:00", "db": "BID", "id": "74301" }, { "date": "2016-09-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002487" }, { "date": "2021-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-503" }, { "date": "2018-10-30T16:27:35.843000", "db": "NVD", "id": "CVE-2015-3148" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-503" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cURL and libcurl Vulnerabilities connected as other users", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002487" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access Validation Error", "sources": [ { "db": "BID", "id": "74301" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.