Red Hat Local Security Checks : RedHat Update for curl RHSA-2017:2016-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871865

Categoría: Red Hat Local Security Checks

Título: RedHat Update for curl RHSA-2017:2016-01

Resumen: The remote host is missing an update for the 'curl'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'curl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The curl packages provide the libcurl
library and the curl utility for downloading files from servers using various
protocols, including HTTP, FTP, and LDAP. Security Fix(es): * Multiple integer
overflow flaws leading to heap-based buffer overflows were found in the way curl
handled escaping and unescaping of data. An attacker could potentially use these
flaws to crash an application using libcurl by sending a specially crafted input
to the affected libcurl functions. (CVE-2016-7167) Additional Changes: For
detailed information on changes in this release, see the Red Hat Enterprise
Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
curl on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-7167
BugTraq ID: 92975
http://www.securityfocus.com/bid/92975
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/
https://security.gentoo.org/glsa/201701-47
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
RedHat Security Advisories: RHSA-2017:2016
https://access.redhat.com/errata/RHSA-2017:2016
RedHat Security Advisories: RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:2486
RedHat Security Advisories: RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2018:3558
http://www.securitytracker.com/id/1036813
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871865
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for curl RHSA-2017:2016-01
Resumen:	The remote host is missing an update for the 'curl'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the referenced advisory. Vulnerability Insight: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions. (CVE-2016-7167) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. Affected Software/OS: curl on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7167 BugTraq ID: 92975 http://www.securityfocus.com/bid/92975 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/ https://security.gentoo.org/glsa/201701-47 https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html RedHat Security Advisories: RHSA-2017:2016 https://access.redhat.com/errata/RHSA-2017:2016 RedHat Security Advisories: RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486 RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 http://www.securitytracker.com/id/1036813 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632
Copyright	Copyright (C) 2017 Greenbone AG