CVE-2014-0015

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0015 at MITRE

Description

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

NVD CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)

SUSE information

SUSE Bugzilla entries: 858673, 868627, 880252, 882520, 927556

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Studio Onsite 1.3
  • libcurl-devel >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • curl >= 7.19.7-1.20.31.1
  • libcurl4 >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • curl >= 7.19.7-1.20.31.1
  • libcurl4 >= 7.19.7-1.20.31.1
  • libcurl4-32bit >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Server 11 SP2
  • curl >= 7.19.7-1.20.31.1
  • libcurl4 >= 7.19.7-1.20.31.1
  • libcurl4-x86 >= 7.19.7-1.20.31.1
Builds
SAT Patch Nr: 8796
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libcurl-devel >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • curl >= 7.19.7-1.32.1
  • libcurl4 >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • curl >= 7.19.7-1.32.1
  • libcurl4 >= 7.19.7-1.32.1
  • libcurl4-32bit >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
SUSE Linux Enterprise Server 11 SP3
  • curl >= 7.19.7-1.32.1
  • libcurl4 >= 7.19.7-1.32.1
  • libcurl4-x86 >= 7.19.7-1.32.1
Builds
SAT Patch Nr: 8797
openSUSE 12.3
  • curl >= 7.28.1-4.29.1
  • curl-debuginfo >= 7.28.1-4.29.1
  • curl-debugsource >= 7.28.1-4.29.1
  • libcurl-devel >= 7.28.1-4.29.1
  • libcurl4 >= 7.28.1-4.29.1
  • libcurl4-32bit >= 7.28.1-4.29.1
  • libcurl4-debuginfo >= 7.28.1-4.29.1
  • libcurl4-debuginfo-32bit >= 7.28.1-4.29.1
Patchnames:
openSUSE-2014-149
openSUSE 13.1
  • curl >= 7.32.0-2.12.1
  • curl-debuginfo >= 7.32.0-2.12.1
  • curl-debugsource >= 7.32.0-2.12.1
  • libcurl-devel >= 7.32.0-2.12.1
  • libcurl4 >= 7.32.0-2.12.1
  • libcurl4-32bit >= 7.32.0-2.12.1
  • libcurl4-debuginfo >= 7.32.0-2.12.1
  • libcurl4-debuginfo-32bit >= 7.32.0-2.12.1
Patchnames:
openSUSE-2014-149
openSUSE Evergreen 11.4
  • curl >= 7.21.2-41.1
  • curl-debuginfo >= 7.21.2-41.1
  • libcurl-devel >= 7.21.2-41.1
  • libcurl4 >= 7.21.2-41.1
  • libcurl4-32bit >= 7.21.2-41.1
  • libcurl4-debuginfo >= 7.21.2-41.1
  • libcurl4-debuginfo-32bit >= 7.21.2-41.1
  • libcurl4-debuginfo-x86 >= 7.21.2-41.1
  • libcurl4-x86 >= 7.21.2-41.1
Patchnames:
2014-20