Published: 22 April 2015
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Launchpad, Ubuntu, Debian
|Ubuntu 14.04 ESM (Trusty Tahr)||
Upstream: https://github.com/bagder/curl/commit/f78ae415d24b9bd89d6c121c556e411fdb21c6aa (bp)