Red Hat Security Advisory 2018-3558-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, null pointer, out of bounds write, and use-after-free vulnerabilities.
4abdca181cc67933f360c5393ddadd7197a24c99bd7985727a9e00a4d0cad5b6
Gentoo Linux Security Advisory 201701-47 - Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 7.52.1 are affected.
ed17dde2328ade9790f91afaff126cf8be5cf927530ff9055acf129e816be470
Apple Security Advisory 2016-12-13-1 - macOS 10.12.2 is now available and addresses arbitrary code execution, denial of service, and various other vulnerabilities.
68bf50743be919151d9547b2351d633298a9bfe57d7160fac7541f89315f5b98
Red Hat Security Advisory 2016-2575-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
6ded3ee3863bdea0ccb1e1da6586004598947276a437a6a908d555e08d3dca4d
Ubuntu Security Notice 3048-1 - Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. It was discovered that curl incorrectly handled client certificates when reusing TLS connections. Marcelo Echeverria and Fernando Munoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
8ee3fb48b7adc731def079b1e3c45d9ade172bb87d565756b2eb899f2c16762d
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
5693aa89ea5da65762d9d22ad391e75c64eb5a352d4ed11267605e036c849f0d
Debian Linux Security Advisory 3638-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.
e04de6812e9e2686a674a0315737bd48ecc81989e51936268323bf64692a8bcc