FEDORA-2015-6728 created by kdudka 5 years ago for Fedora 21
stable
  • require credentials to match for NTLM re-use (CVE-2015-3143)
  • fix invalid write with a zero-length host name in URL (CVE-2015-3144)
  • fix invalid write in cookie path sanitization code (CVE-2015-3145)
  • close Negotiate connections when done (CVE-2015-3148)

How to install

sudo dnf upgrade --advisory=FEDORA-2015-6728

This update has been submitted for testing by kdudka.

5 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/60971/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/60971/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

5 years ago

This update has been pushed to testing

5 years ago
williamjmorenor commented & provided feedback 5 years ago

Basic usage works

kparal commented & provided feedback 5 years ago

very basic usage seems to work

Critical path update approved

5 years ago
yuwata provided feedback 5 years ago

This update has reached the stable karma threshold and will be pushed to the stable updates repository

5 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/64352/steps/runtask/logs/stdio (results are informative only)

Thank you for testing the update!

This update is currently being pushed to the Fedora 21 stable updates repository.

5 years ago

This update has been pushed to stable

5 years ago

Metadata
Type: security
Karma: 3
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 5 years ago
in testing: 5 years ago
in stable: 5 years ago
BZ#1213306 CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
BZ#1213335 CVE-2015-3144 curl: host name out of boundary memory access
BZ#1213347 CVE-2015-3145 curl: cookie parser out of boundary memory access
BZ#1213351 CVE-2015-3148 curl: Negotiate not treated as connection-oriented
BZ#1214181 CVE-2015-3144 curl: host name out of boundary memory access [fedora-all]
BZ#1214182 CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all]
BZ#1214183 CVE-2015-3148 curl: "Negotiate" not treated as connection-oriented [fedora-all]
BZ#1214184 CVE-2015-3143 curl: re-using authenticated connection when unauthenticated [fedora-all]

Automated Test Results