Bug 12577

Summary: [Update Request] Update curl package to fix CVE-2014-0015: re-use of wrong HTTP NTLM connection
Product: Mageia Reporter: Funda Wang <fundawang>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser
Version: 4   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://curl.haxx.se/docs/adv_20140129.html
Whiteboard: MGA3TOO
Source RPM: curl-7.34.0-1.1.mga4, curl-7.28.1-6.3.mga3 CVE:
Status comment:

Description Funda Wang 2014-02-04 18:34:51 CET
libcurl can in some circumstances re-use the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request (CVE-2014-0015). The package was updated and rebuilt to have this vulnerability fixed by merging the upstream patch.


Reproducible: 

Steps to Reproduce:
Funda Wang 2014-02-04 18:35:28 CET

Hardware: i586 => All
Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-02-04 19:42:31 CET
Thanks Funda.  Please check Bugzilla first :o)

*** This bug has been marked as a duplicate of bug 12476 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE