CVE-2014-0138

Priority
Medium
Description
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses
(1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8)
SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow
context-dependent attackers to connect as other users via a request, a
similar issue to CVE-2014-0015.
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream: released (7.36.0)
Ubuntu 10.04 LTS (Lucid Lynx): released (7.19.7-1ubuntu1.7)
Ubuntu 12.04 LTS (Precise Pangolin): released (7.22.0-3ubuntu4.8)
Ubuntu 12.10 (Quantal Quetzal): released (7.27.0-1ubuntu1.9)
Ubuntu 13.10 (Saucy Salamander): released (7.32.0-1ubuntu1.4)
Ubuntu 14.04 LTS (Trusty Tahr): released (7.35.0-1ubuntu2)
Patches:
Upstream: http://curl.haxx.se/libcurl-bad-reuse.patch
Upstream: https://github.com/bagder/curl/commit/378af08c99299683eb728fd8f9d3d3ab05f73ec0 (bp)
Upstream: https://github.com/bagder/curl/commit/d765099813f58153cb859279c743e6494d179341 (bp)
Upstream: https://github.com/bagder/curl/commit/517b06d657aceb11a234b05cc891170c367ab80d
Upstream: https://github.com/bagder/curl/commit/f82e0edc171b33528bc4f59036505d98ecf1d816

Updated: 2014-04-17 18:14:59 UTC (commit 7945)