Уязвимость CVE-2015-3145: Информация
Описание
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Важность: HIGH (7,5)
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
curl | sisyphus | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Исправлено |
curl | p10 | 7.42.0-alt1 | 8.7.1-alt2 | ALT-PU-2015-1396-1 | 143432 | Исправлено |
curl | p9 | 7.42.0-alt1 | 7.79.0-alt2 | ALT-PU-2015-1396-1 | 143432 | Исправлено |
curl | c10f1 | 7.42.0-alt1 | 8.6.0-alt1 | ALT-PU-2015-1396-1 | 143432 | Исправлено |
curl | c9f2 | 7.42.0-alt1 | 8.6.0-alt1 | ALT-PU-2015-1396-1 | 143432 | Исправлено |
curl | c7 | 7.56.1-alt1.M70C.1.1 | 7.56.1-alt1.M70C.1.1 | ALT-PU-2018-1442-1 | 202075 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
DSA-3232 |
|
http://curl.haxx.se/docs/adv_20150422C.html |
|
USN-2591-1 |
|
FEDORA-2015-6853 |
|
FEDORA-2015-6864 |
|
1032232 |
|
MDVSA-2015:219 |
|
FEDORA-2015-6728 |
|
openSUSE-SU-2015:0799 |
|
FEDORA-2015-6695 |
|
http://advisories.mageia.org/MGASA-2015-0179.html |
|
APPLE-SA-2015-08-13-2 |
|
https://support.apple.com/kb/HT205031 |
|
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 |
|
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html |
|
74303 | |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 | |
GLSA-201509-02 | |
FEDORA-2015-6712 | |
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html |