Test ID:	1.3.6.1.4.1.25623.1.1.10.2019.0337
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2019-0337)
Summary:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2019-0337 advisory.
Description:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2019-0337 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. (CVE-2019-5435) A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1 (CVE-2019-5436). Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3 (CVE-2019-5481). Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3 (CVE-2019-5482). Affected Software/OS: 'curl' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-5435 https://curl.haxx.se/docs/CVE-2019-5435.html https://security.netapp.com/advisory/ntap-20190606-0004/ https://support.f5.com/csp/article/K08125515 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/ https://security.gentoo.org/glsa/202003-29 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Common Vulnerability Exposure (CVE) ID: CVE-2019-5436 Bugtraq: 20200225 [SECURITY] [DSA 4633-1] curl security update (Google Search) https://seclists.org/bugtraq/2020/Feb/36 https://curl.haxx.se/docs/CVE-2019-5436.html https://support.f5.com/csp/article/K55133295 https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS Debian Security Information: DSA-4633 (Google Search) https://www.debian.org/security/2020/dsa-4633 http://www.openwall.com/lists/oss-security/2019/09/11/6 SuSE Security Announcement: openSUSE-SU-2019:1492 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html SuSE Security Announcement: openSUSE-SU-2019:1508 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2019-5481 https://curl.haxx.se/docs/CVE-2019-5481.html https://security.netapp.com/advisory/ntap-20191004-0003/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/ https://www.oracle.com/security-alerts/cpujan2020.html SuSE Security Announcement: openSUSE-SU-2019:2149 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html SuSE Security Announcement: openSUSE-SU-2019:2169 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html Common Vulnerability Exposure (CVE) ID: CVE-2019-5482 https://curl.haxx.se/docs/CVE-2019-5482.html https://security.netapp.com/advisory/ntap-20200416-0003/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.