CVE-2016-8615

Several security issues were fixed in curl ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...

Synopsis Moderate: httpd24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...

Debian Bug report logs - #836918 curl: CVE-2016-7141: Incorrect reuse of client certificates (nss backend) Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Sep 2016 08:36:01 UTC Severity: important Tags: patch, sec ...

Debian Bug report logs - #837945 curl: CVE-2016-7167: escape and unescape integer overflows Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 15 Sep 2016 19:06:02 UTC Severity: important Tags: fixed-upstream, patch, se ...

This build resolves the following issues: CVE-2016-8615: Cookie injection for other serversCVE-2016-8616: Case insensitive password comparisonCVE-2016-8617: Out-of-bounds write via unchecked multiplicationCVE-2016-8618: Double-free in curl_maprintfCVE-2016-8619: Double-free in krb5 codeCVE-2016-8620: Glob parser write/read out of boundsCVE-2016-862 ...

A flaw was found in curl before version 751 If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar ...

If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar The issue pertains to the function that loads cookies into memory, which reads the specified file into a fixed-size buffer in a line-by-line manner us ...

LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...