| Errata ID | 95 |
|---|---|
| Date | 2014-04-16 |
| Source package | curl |
| Fixed in version | 7.21.0-6.45.201404151057 |
| Description | If CURLOPT_SSLVERIFYHOST is disabled, CURLOPT_SSL_VERIFYPEER was disabled as well (CVE-2013-4545) libcurl can in some circumstances re-use the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request (CVE-2014-0015) libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP. (CVE-2014-0138) libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses. (CVE-2014-0139) |
| Additional notes | This update fixes these vulnerabilities. |
| CVE ID | CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 |
