MGASA-2014-0444

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0444.html

Import Source

https://advisories.mageia.org/MGASA-2014-0444.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0444

Related

CVE-2014-3707

Published

2014-11-14T00:57:44Z

Modified

2014-11-14T00:41:59Z

Summary

Updated curl packages fix CVE-2014-3707

Details

Updated curl packages fix security vulnerability:

Symeon Paraschoudis discovered that the curleasyduphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPTCOPYPOSTFIELDS and curleasy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence (CVE-2014-3707).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / curl

Package

Name: curl
Purl: pkg:rpm/mageia/curl?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.28.1-6.6.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / curl

Package

Name: curl
Purl: pkg:rpm/mageia/curl?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.34.0-1.4.mga4

Ecosystem specific

{
    "section": "core"
}