FEDORA-2015-6728

security update in Fedora 21 for curl

Status: stable 4 years ago
  • require credentials to match for NTLM re-use (CVE-2015-3143)
  • fix invalid write with a zero-length host name in URL (CVE-2015-3144)
  • fix invalid write in cookie path sanitization code (CVE-2015-3145)
  • close Negotiate connections when done (CVE-2015-3148)

Comments 14

This update has been submitted for testing by kdudka.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/60971/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/60971/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

This update has been pushed to testing

Basic usage works

karma: +1

very basic usage seems to work

karma: +1

Critical path update approved

This update has reached the stable karma threshold and will be pushed to the stable updates repository

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/64352/steps/runtask/logs/stdio (results are informative only)

Thank you for testing the update!

This update is currently being pushed to the Fedora 21 stable updates repository.

This update has been pushed to stable


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +3
  • stable threshold: 3
  • unstable threshold: -3
Autopush (karma): Disabled
Autopush (time): Disabled
Dates:
  • submitted 4 years ago
  • in testing 4 years ago
  • in stable 4 years ago

Related Bugs 8

  • #1213306 CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
  • #1213335 CVE-2015-3144 curl: host name out of boundary memory access
  • #1213347 CVE-2015-3145 curl: cookie parser out of boundary memory access
  • #1213351 CVE-2015-3148 curl: Negotiate not treated as connection-oriented
  • #1214181 CVE-2015-3144 curl: host name out of boundary memory access [fedora-all]
  • #1214182 CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all]
  • #1214183 CVE-2015-3148 curl: "Negotiate" not treated as connection-oriented [fedora-all]
  • #1214184 CVE-2015-3143 curl: re-using authenticated connection when unauthenticated [fedora-all]
