ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0482
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0482)
Resumen:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2020-0482 advisory.
Descripción:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2020-0482 advisory. Vulnerability Insight: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231). A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. (CVE-2020-8284). curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. (CVE-2020-8285). curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286). Affected Software/OS: 'curl' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8231 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Debian Security Information: DSA-4881 (Google Search) https://www.debian.org/security/2021/dsa-4881 https://security.gentoo.org/glsa/202012-14 https://curl.haxx.se/docs/CVE-2020-8231.html https://hackerone.com/reports/948876 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2020-8284 https://security.netapp.com/advisory/ntap-20210122-0007/ https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 https://support.apple.com/kb/HT212327 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/ https://curl.se/docs/CVE-2020-8284.html https://hackerone.com/reports/1040166 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html Common Vulnerability Exposure (CVE) ID: CVE-2020-8285 http://seclists.org/fulldisclosure/2021/Apr/51 https://curl.se/docs/CVE-2020-8285.html https://github.com/curl/curl/issues/6255 https://hackerone.com/reports/1045844 Common Vulnerability Exposure (CVE) ID: CVE-2020-8286 https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/54 https://curl.se/docs/CVE-2020-8286.html https://hackerone.com/reports/1048457
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.