openSUSE Security Update : curl (openSUSE-2016-152)
Medium Nessus Plugin ID 88608
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for curl fixes the following issues :
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
The following non-security bugs were fixed :
- boo#936676: secure_getenv or __secure_getenv may not be detected correctly at build time
The following tracked bugs only affect the test suite :
- boo#962996: Expired cookie in test 46 caused test failures
- boo#934333: Curl test suite was not run, is now enabled during build
This update was imported from the SUSE:SLE-12:Update update project.
Solution
Update the affected curl packages.