Mandriva Linux Security Advisory : curl (MDVSA-2015:021)
Medium Nessus Plugin ID 80467
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated curl packages fix security vulnerability :
When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL (CVE-2014-8150).
SolutionUpdate the affected packages.