HP Security Bulletin HPSBHF03544 1 - Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.
85b2d81dc1b3f872228664d35268d8bbb970c56095b755f549519a9b80b7f991
Red Hat Security Advisory 2015-2159-06 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.
4c8f1214c87209b025a888e27c36d8b6ff081c288e2cfca9b6e90d6d41fae18d
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
6f8f1ea7ca7722d48810e15411398875a23f2427d517d29aaf9be8d59d9f7ffb
Gentoo Linux Security Advisory 201509-2 - Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. Versions less than 7.43.0 are affected.
f5b5b9e3238bd4c9cdd7e927d7530352831a5a3d3d388eaff85cf3fbcee5d92e
Red Hat Security Advisory 2015-1254-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.
0ed5cabcb944358c959adc7aca7eed2a6fdaaf3a1626d9b045adaa54f8d1b50f
Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.
3e7817fedbdea6c3d2e601a78a7db5288c57b866c77b309240ccba8f424f4ebd
Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.
93a94eb337b5044eb63909ac1ea0b6b115dc511b796cc311be4d8059f0680a12
Ubuntu Security Notice 2591-1 - Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.
58aa927ae5cde26c640c5b1fad0d3a84b7a2049bd1bb1094b604b1a5687488f4
Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.
6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31