CVE-2015-3143
Published: 22 April 2015
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
Priority
Status
Package | Release | Status |
---|---|---|
curl Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(7.22.0-3ubuntu4.14)
|
|
trusty |
Released
(7.35.0-1ubuntu2.5)
|
|
upstream |
Released
(7.42.0)
|
|
utopic |
Released
(7.37.1-1ubuntu3.4)
|
|
vivid |
Released
(7.38.0-3ubuntu2.2)
|
|
Patches: upstream: http://curl.haxx.se/CVE-2015-3143.patch |