A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
This build resolves the following issues:
CVE-2016-8615: Cookie injection for other serversCVE-2016-8616: Case insensitive password comparisonCVE-2016-8617: Out-of-bounds write via unchecked multiplicationCVE-2016-8618: Double-free in curl_maprintfCVE-2016-8619: Double-free in krb5 codeCVE-2016-8620: Glob parser write/read out of boundsCVE-2016-862 ...
A flaw was found in curl before version 7510 The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure ...
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads
When cookies to be sent to a server are collected, the matching function collects all cookies to send and the cookie lock is released immediately afterwards That function however only returns a list with references ba ...
LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...