Debian DSA-3455-1 : curl - security update
Medium Nessus Plugin ID 88424
SynopsisThe remote Debian host is missing a security-related update.
DescriptionIsaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.
SolutionUpgrade the curl packages.
For the stable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u3.