ID de Prueba:	1.3.6.1.4.1.25623.1.0.71249
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 2398-2 (curl)
Resumen:	Debian Security Advisory DSA 2398-2 (curl)
Descripción:	The remote host is missing an update to curl announced via advisory DSA 2398-2. cURL is a command-line tool and library for transferring data with URL syntax. It was discovered that the countermeasures against the Dai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389, BEAST) cause interoperability issues with some server implementations. This update ads the the CURLOPT_SSL_OPTIONS and CURLSSLOPT_ALLOW_BEAST options to the library, and the - --ssl-allow-beast option to the curl program. For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze2. We recommend that you upgrade your curl packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202398-2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3389 http://ekoparty.org/2011/juliano-rizzo.php http://eprint.iacr.org/2004/111 http://eprint.iacr.org/2006/136 http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html http://www.insecure.cl/Beast-SSL.rar http://vnhacker.blogspot.com/2011/09/beast.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html HPdes Security Advisory: HPSBMU02742 http://marc.info/?l=bugtraq&m=132872385320240&w=2 HPdes Security Advisory: SSRT100740 HPdes Security Advisory: HPSBUX02730 http://marc.info/?l=bugtraq&m=132750579901589&w=2 HPdes Security Advisory: SSRT100710 Microsoft Security Bulletin: MS12-006 http://technet.microsoft.com/security/bulletin/MS12-006 http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2012-0006.html SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search) https://hermes.opensuse.org/messages/13154861 SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search) https://hermes.opensuse.org/messages/13155432 CERT/CC vulnerability note: VU#864643 http://www.kb.cert.org/vuls/id/864643 BugTraq ID: 49388 http://www.securityfocus.com/bid/49388 BugTraq ID: 49778 http://www.securityfocus.com/bid/49778 http://osvdb.org/74829 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14752 http://www.securitytracker.com/id?1025997 http://www.securitytracker.com/id?1026103 http://secunia.com/advisories/45791 http://secunia.com/advisories/49198 http://secunia.com/advisories/48692
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario Email: Usuario: Contraseña: Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas. Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.     Privacidad

Ingreso de Usuario Registrado   Usuario:     Contraseña:     ¿Olvidó su usuario o contraseña?? Email/ID de Usario: