Debian DSA-2849-1 : curl - information disclosure
Medium Nessus Plugin ID 72239
SynopsisThe remote Debian host is missing a security-related update.
DescriptionParas Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.
SolutionUpgrade the curl packages.
For the oldstable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze7.
For the stable distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy8.