Debian Security Advisory DSA-3455-1 security@debian.org
https://www.debian.org/
January 27, 2016 https://www.debian.org/
- ------------------------------
Package : curl
CVE ID : CVE-2016-0755
Isaac Boukris discovered that cURL, an URL transfer library, reused
NTLM-authenticated proxy connections without properly making sure that
the connection was authenticated with the same credentials as set for
the new transfer. This could lead to HTTP requests being sent over the
connection authenticated as a different user.
For the stable distribution (jessie), this problem has been fixed in
version 7.38.0-4+deb8u3.
For the unstable distribution (sid), this problem has been fixed in
version 7.47.0-1.
We recommend that you upgrade your curl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/
Komentarų nėra:
Rašyti komentarą