SuSE Update For Curl OpenSUSE-SU-2014:1139-1 (curl) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

libcurl was updated to fix security issues: CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned or used for other numeric IP hosts if portions of the numerics were the same. CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains, making them to broad.

Affected

curl on openSUSE 13.1, openSUSE 12.3

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3613, CVE-2014-3620
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

SLES10: Security update for mutt
SLES10: Security update for GnuTLS
SLES10: Security update for file
SLES10: Security update for libcdio
SLES10: Security update for bind

SuSE Update for curl openSUSE-SU-2014:1139-1 (curl)

Take action and discover your vulnerabilities