CVE-2015-3145

Related Files

Slackware Security Advisory - curl Updates

Posted Oct 30, 2015

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory

systems | linux, slackware

advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237

SHA-256 | 6f8f1ea7ca7722d48810e15411398875a23f2427d517d29aaf9be8d59d9f7ffb

Download | Favorite | View

Gentoo Linux Security Advisory 201509-02

Posted Sep 25, 2015

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201509-2 - Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. Versions less than 7.43.0 are affected.

tags | advisory, remote, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237

SHA-256 | f5b5b9e3238bd4c9cdd7e927d7530352831a5a3d3d388eaff85cf3fbcee5d92e

Download | Favorite | View

Mandriva Linux Security Advisory 2015-219

Posted May 4, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, remote, web, denial of service

systems | linux, mandriva

advisories | CVE-2015-3143, CVE-2015-3145, CVE-2015-3148

SHA-256 | 3e7817fedbdea6c3d2e601a78a7db5288c57b866c77b309240ccba8f424f4ebd

Download | Favorite | View

Ubuntu Security Notice USN-2591-1

Posted Apr 30, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2591-1 - Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153

SHA-256 | 58aa927ae5cde26c640c5b1fad0d3a84b7a2049bd1bb1094b604b1a5687488f4

Download | Favorite | View

Debian Security Advisory 3232-1

Posted Apr 22, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148

SHA-256 | 6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31

Download | Favorite | View