Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0482
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0482)
Summary:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2020-0482 advisory.
Description:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2020-0482 advisory. Vulnerability Insight: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231). A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. (CVE-2020-8284). curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. (CVE-2020-8285). curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286). Affected Software/OS: 'curl' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8231 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Debian Security Information: DSA-4881 (Google Search) https://www.debian.org/security/2021/dsa-4881 https://security.gentoo.org/glsa/202012-14 https://curl.haxx.se/docs/CVE-2020-8231.html https://hackerone.com/reports/948876 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2020-8284 https://security.netapp.com/advisory/ntap-20210122-0007/ https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 https://support.apple.com/kb/HT212327 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/ https://curl.se/docs/CVE-2020-8284.html https://hackerone.com/reports/1040166 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html Common Vulnerability Exposure (CVE) ID: CVE-2020-8285 http://seclists.org/fulldisclosure/2021/Apr/51 https://curl.se/docs/CVE-2020-8285.html https://github.com/curl/curl/issues/6255 https://hackerone.com/reports/1045844 Common Vulnerability Exposure (CVE) ID: CVE-2020-8286 https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/54 https://curl.se/docs/CVE-2020-8286.html https://hackerone.com/reports/1048457
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.