ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2016.308.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2016-308-01)
Resumen:	The remote host is missing an update for the 'curl' package(s) announced via the SSA:2016-308-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the SSA:2016-308-01 advisory. Vulnerability Insight: New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.51.0-i586-1_slack14.2.txz: Upgraded. This release fixes security issues: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'curl' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8615 BugTraq ID: 94096 http://www.securityfocus.com/bid/94096 https://security.gentoo.org/glsa/201701-47 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E RedHat Security Advisories: RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486 RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 http://www.securitytracker.com/id/1037192 Common Vulnerability Exposure (CVE) ID: CVE-2016-8616 BugTraq ID: 94094 http://www.securityfocus.com/bid/94094 Common Vulnerability Exposure (CVE) ID: CVE-2016-8617 BugTraq ID: 94097 http://www.securityfocus.com/bid/94097 Common Vulnerability Exposure (CVE) ID: CVE-2016-8618 BugTraq ID: 94098 http://www.securityfocus.com/bid/94098 Common Vulnerability Exposure (CVE) ID: CVE-2016-8619 BugTraq ID: 94100 http://www.securityfocus.com/bid/94100 Common Vulnerability Exposure (CVE) ID: CVE-2016-8620 BugTraq ID: 94102 http://www.securityfocus.com/bid/94102 Common Vulnerability Exposure (CVE) ID: CVE-2016-8621 BugTraq ID: 94101 http://www.securityfocus.com/bid/94101 Common Vulnerability Exposure (CVE) ID: CVE-2016-8622 BugTraq ID: 94105 http://www.securityfocus.com/bid/94105 Common Vulnerability Exposure (CVE) ID: CVE-2016-8623 BugTraq ID: 94106 http://www.securityfocus.com/bid/94106 Common Vulnerability Exposure (CVE) ID: CVE-2016-8624 BugTraq ID: 94103 http://www.securityfocus.com/bid/94103 https://curl.haxx.se/docs/adv_20161102J.html https://lists.apache.org/thread.html/rfaa4d578587f52a9c4d176af516a681a712c664e3be440a4163691d5@%3Ccommits.pulsar.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2016-8625 BugTraq ID: 94107 http://www.securityfocus.com/bid/94107
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.