USN-2474-1: curl vulnerability
15 January 2015
curl could be tricked into adding arbitrary requests when following certain URLs.
- curl - HTTP, HTTPS, and FTP client and client libraries
Andrey Labunets discovered that curl incorrectly handled certain URLs when
using a proxy server. If a user or automated system were tricked into using
a specially crafted URL, an attacker could possibly use this issue to
inject arbitrary HTTP requests.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.