Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0285
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0285)
Summary:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2016-0285 advisory.
Description:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2016-0285 advisory. Vulnerability Insight: libcurl before 7.50.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate) (CVE-2016-5419). In libcurl before 7.50.1, when using a client certificate for a connection that was then put into the connection pool, that connection could then wrongly get reused in a subsequent request to that same server. This mistakenly using the wrong connection could lead to applications sending requests to the wrong realms of the server using authentication that it wasn't supposed to have for those operations (CVE-2016-5420). libcurl before 7.50.1 is vulnerable to a use-after-free flaw in curl_easy_perform() (CVE-2016-5421). Affected Software/OS: 'curl' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5419 BugTraq ID: 92292 http://www.securityfocus.com/bid/92292 BugTraq ID: 92319 http://www.securityfocus.com/bid/92319 Debian Security Information: DSA-3638 (Google Search) http://www.debian.org/security/2016/dsa-3638 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/ https://security.gentoo.org/glsa/201701-47 https://curl.haxx.se/docs/adv_20160803A.html RedHat Security Advisories: RHSA-2016:2575 http://rhn.redhat.com/errata/RHSA-2016-2575.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 http://www.securitytracker.com/id/1036538 http://www.securitytracker.com/id/1038341 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059 SuSE Security Announcement: openSUSE-SU-2016:2227 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:2379 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://www.ubuntu.com/usn/USN-3048-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5420 BugTraq ID: 92309 http://www.securityfocus.com/bid/92309 https://curl.haxx.se/docs/adv_20160803B.html http://www.securitytracker.com/id/1036537 http://www.securitytracker.com/id/1036739 Common Vulnerability Exposure (CVE) ID: CVE-2016-5421 BugTraq ID: 92306 http://www.securityfocus.com/bid/92306 https://curl.haxx.se/docs/adv_20160803C.html http://www.securitytracker.com/id/1036536
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.