CVE-2016-8616 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Authentication bypass |
| Description | When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-66 | lib32-libcurl-gnutls | 7.50.3-1 | 7.51.0-1 | High | Fixed | |
| AVG-65 | libcurl-gnutls | 7.50.3-1 | 7.51.0-1 | High | Fixed | |
| AVG-63 | lib32-libcurl-compat | 7.50.3-1 | 7.51.0-1 | High | Fixed | |
| AVG-62 | libcurl-compat | 7.50.3-1 | 7.51.0-1 | High | Fixed | |
| AVG-61 | lib32-curl | 7.50.3-1 | 7.51.0-1 | High | Fixed | |
| AVG-60 | curl | 7.50.3-1 | 7.51.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 03 Nov 2016 | ASA-201611-9 | AVG-65 | libcurl-gnutls | High | multiple issues |
| 03 Nov 2016 | ASA-201611-8 | AVG-62 | libcurl-compat | High | multiple issues |
| 03 Nov 2016 | ASA-201611-7 | AVG-60 | curl | High | multiple issues |
| 02 Nov 2016 | ASA-201611-5 | AVG-63 | lib32-libcurl-compat | High | multiple issues |
| 02 Nov 2016 | ASA-201611-4 | AVG-61 | lib32-curl | High | multiple issues |
| 03 Nov 2016 | ASA-201611-10 | AVG-66 | lib32-libcurl-gnutls | High | multiple issues |
| References |
|---|
https://curl.haxx.se/docs/adv_20161102B.html |