Synopsis:          Moderate: curl security update

Advisory ID:       SLSA-2017:0847-1

Issue Date:        2017-03-29

CVE Numbers:       CVE-2017-2628

--



Security Fix(es):



* It was found that the fix for CVE-2015-3148 in curl was incomplete. An

application using libcurl with HTTP Negotiate authentication could

incorrectly re-use credentials for subsequent requests to the same server.

(CVE-2017-2628)

--



SL6

  x86_64

    curl-7.19.7-53.el6_9.x86_64.rpm

    curl-debuginfo-7.19.7-53.el6_9.i686.rpm

    curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm

    libcurl-7.19.7-53.el6_9.i686.rpm

    libcurl-7.19.7-53.el6_9.x86_64.rpm

    libcurl-devel-7.19.7-53.el6_9.i686.rpm

    libcurl-devel-7.19.7-53.el6_9.x86_64.rpm

  i386

    curl-7.19.7-53.el6_9.i686.rpm

    curl-debuginfo-7.19.7-53.el6_9.i686.rpm

    libcurl-7.19.7-53.el6_9.i686.rpm

    libcurl-devel-7.19.7-53.el6_9.i686.rpm



- Scientific Linux Development Team