stable

curl-7.40.0-3.fc22

FEDORA-2015-6695 created by kdudka 10 years ago for Fedora 22
  • require credentials to match for NTLM re-use (CVE-2015-3143)
  • fix invalid write with a zero-length host name in URL (CVE-2015-3144)
  • fix invalid write in cookie path sanitization code (CVE-2015-3145)
  • close Negotiate connections when done (CVE-2015-3148)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-6695

This update has been submitted for testing by kdudka.

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/60969/steps/runtask/logs/stdio (results are informative only)

User Icon taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/60969/steps/runtask/logs/stdio (results are informative only)

User Icon potty provided feedback 10 years ago
karma

Critical path update approved

10 years ago

This update is currently being pushed to the Fedora 22 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon chr77 commented & provided feedback 10 years ago
karma

Works for me

User Icon hreindl commented & provided feedback 10 years ago
karma

works for me

This update has reached the stable karma threshold and will be pushed to the stable updates repository

10 years ago
User Icon taskotron commented 10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/61585/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

10 years ago

This update is currently being pushed to the Fedora 22 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago
User Icon kdudka commented 10 years ago

Thanks for the feedback!

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
Builds
1
curl-7.40.0-3.fc22
BZ#1213306 CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
0
0
BZ#1213335 CVE-2015-3144 curl: host name out of boundary memory access
0
0
BZ#1213347 CVE-2015-3145 curl: cookie parser out of boundary memory access
0
0
BZ#1213351 CVE-2015-3148 curl: Negotiate not treated as connection-oriented
0
0
BZ#1214181 CVE-2015-3144 curl: host name out of boundary memory access [fedora-all]
0
0
BZ#1214182 CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all]
0
0
BZ#1214183 CVE-2015-3148 curl: "Negotiate" not treated as connection-oriented [fedora-all]
0
0
BZ#1214184 CVE-2015-3143 curl: re-using authenticated connection when unauthenticated [fedora-all]
0
0
curl-7.40.0-3.fc22

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0^202504140743git8ca72e0 on bodhi-web-273-ppgd9.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy