curl: can allow unauthorized disclosure and modification (CVE-2014-0015)
curl and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
CONFIRM: http://curl.haxx.se/docs/adv\_20140129.html
DSA-2849: http://www.debian.org/security/2014/dsa-2849
SECUNIA: http://secunia.com/advisories/56734;
http://secunia.com/advisories/56728
(from redmine: issue id 2671, created on 2014-02-04, closed on 2014-02-07)
- Relations:
- child #2672 (closed)
- child #2673 (closed)
- child #2674 (closed)
- child #2675 (closed)