DSA-2902-1 curl -- curlID: oval:org.secpod.oval:def:601261 | Date: (C)2014-07-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
Two vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0138 Steve Holme discovered that libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP. CVE-2014-0139 Richard Moore from Westpoint Ltd. reported that libcurl does not behave compliant to RFC 2828 under certain conditions and incorrectly validates wildcard SSL certificates containing literal IP addresses.
Platform: |
Debian 7.0 |
Debian 6.0 |