Novell Home

CVE-2014-0015

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0015 at MITRE

Description

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

NVD CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 858673, 868627, 880252, 882520

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Studio Onsite 1.3
  • libcurl-devel >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • curl >= 7.19.7-1.20.31.1
  • libcurl4 >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • curl >= 7.19.7-1.20.31.1
  • libcurl4 >= 7.19.7-1.20.31.1
  • libcurl4-32bit >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Server 11 SP2
  • curl >= 7.19.7-1.20.31.1
  • libcurl4 >= 7.19.7-1.20.31.1
  • libcurl4-x86 >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libcurl-devel >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • curl >= 7.19.7-1.32.1
  • libcurl4 >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • curl >= 7.19.7-1.32.1
  • libcurl4 >= 7.19.7-1.32.1
  • libcurl4-32bit >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE Linux Enterprise Server 11 SP3
  • curl >= 7.19.7-1.32.1
  • libcurl4 >= 7.19.7-1.32.1
  • libcurl4-x86 >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE CORE 9 for AMD64 and Intel EM64T
  • curl >= 7.11.0-39.48
  • curl-32bit >= 9-201401171639
  • curl-devel >= 7.11.0-39.48
Builds
YOU Patch Nr: 12990

© 2014 Novell