USN-726-1 -- curl vulnerability
|ID: oval:org.secpod.oval:def:700297||Date: (C)2011-05-13 (M)2017-11-27|
|Class: PATCH||Family: unix|
It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to abitrary files. This update changes curl behavior to prevent following "file" URLs after a redirect.