CVE-2015-3148

Priority
Description
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated
Negotiate connections, which allows remote attackers to connect as other
users via a request.
Assigned-to
mdeslaur
Notes
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.42.0)
Ubuntu 14.04 ESM (Trusty Tahr):released (7.35.0-1ubuntu2.5)
Patches:
Upstream:http://curl.haxx.se/CVE-2015-3148.patch
Upstream:https://github.com/bagder/curl/commit/f78ae415d24b9bd89d6c121c556e411fdb21c6aa (bp)
Upstream:https://github.com/bagder/curl/commit/79b9d5f1a42578f807a6c94914bc65cbaa304b6d
More Information

Updated: 2019-12-05 18:41:02 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)