Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0316)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0316

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0316)

Resumen: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2016-0316 advisory.

Descripción: Summary:
The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2016-0316 advisory.

Vulnerability Insight:
The four libcurl functions curl_escape(), curl_easy_escape(),
curl_unescape and curl_easy_unescape perform string URL percent escaping
and unescaping. They accept custom string length inputs in signed integer
arguments. The provided string length arguments were not properly checked
and due to arithmetic in the functions, passing in the length 0xffffffff
(2^32-1 or UINT_MAX or even just -1) would end up causing an allocation of
zero bytes of heap memory that curl would attempt to write gigabytes of
data into (CVE-2016-7167).

Affected Software/OS:
'curl' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-7167
BugTraq ID: 92975
http://www.securityfocus.com/bid/92975
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/
https://security.gentoo.org/glsa/201701-47
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
RedHat Security Advisories: RHSA-2017:2016
https://access.redhat.com/errata/RHSA-2017:2016
RedHat Security Advisories: RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:2486
RedHat Security Advisories: RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2018:3558
http://www.securitytracker.com/id/1036813
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0316
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0316)
Resumen:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2016-0316 advisory.
Descripción:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2016-0316 advisory. Vulnerability Insight: The four libcurl functions curl_escape(), curl_easy_escape(), curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked and due to arithmetic in the functions, passing in the length 0xffffffff (2^32-1 or UINT_MAX or even just -1) would end up causing an allocation of zero bytes of heap memory that curl would attempt to write gigabytes of data into (CVE-2016-7167). Affected Software/OS: 'curl' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7167 BugTraq ID: 92975 http://www.securityfocus.com/bid/92975 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/ https://security.gentoo.org/glsa/201701-47 https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html RedHat Security Advisories: RHSA-2017:2016 https://access.redhat.com/errata/RHSA-2017:2016 RedHat Security Advisories: RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486 RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 http://www.securitytracker.com/id/1036813 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632
Copyright	Copyright (C) 2022 Greenbone AG