Security update for curl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0861-1 Final 1 1 2015-04-29T12:30:27Z current 2015-04-29T12:30:27Z 2015-04-29T12:30:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl curl was updated to 7.42.1 to fix one security issue. The following vulnerability was fixed: * CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies (bnc#928533) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html E-Mail link for openSUSE-SU-2015:0861-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings curl-7.42.1-2.42.1 libcurl-devel-7.42.1-2.42.1 libcurl-devel-32bit-7.42.1-2.42.1 libcurl4-7.42.1-2.42.1 libcurl4-32bit-7.42.1-2.42.1 The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. CVE-2015-3153 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html https://www.suse.com/security/cve/CVE-2015-3153.html CVE-2015-3153 https://bugzilla.suse.com/928533 SUSE Bug 928533 https://bugzilla.suse.com/951391 SUSE Bug 951391