Synopsis: Moderate: curl security update
Advisory ID: SLSA-2017:0847-1
Issue Date: 2017-03-29
CVE Numbers: CVE-2017-2628
--
Security Fix(es):
* It was found that the fix for CVE-2015-3148 in curl was incomplete. An
application using libcurl with HTTP Negotiate authentication could
incorrectly re-use credentials for subsequent requests to the same server.
(CVE-2017-2628)
--
SL6
x86_64
curl-7.19.7-53.el6_9.x86_64.rpm
curl-debuginfo-7.19.7-53.el6_9.i686.rpm
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm
libcurl-7.19.7-53.el6_9.i686.rpm
libcurl-7.19.7-53.el6_9.x86_64.rpm
libcurl-devel-7.19.7-53.el6_9.i686.rpm
libcurl-devel-7.19.7-53.el6_9.x86_64.rpm
i386
curl-7.19.7-53.el6_9.i686.rpm
curl-debuginfo-7.19.7-53.el6_9.i686.rpm
libcurl-7.19.7-53.el6_9.i686.rpm
libcurl-devel-7.19.7-53.el6_9.i686.rpm
- Scientific Linux Development Team