Test ID:	1.3.6.1.4.1.25623.1.0.64772
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2009-226-01)
Summary:	The remote host is missing an update for the 'curl' package(s) announced via the SSA:2009-226-01 advisory.
Description:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the SSA:2009-226-01 advisory. Vulnerability Insight: New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. For more information, see: [links moved to references] Here are the details from the Slackware 12.2 ChangeLog: +--------------------------+ patches/packages/curl-7.19.6-i486-1_slack12.2.tgz: This update fixes a security issue where a zero byte embedded in an SSL or TLS certificate could fool cURL into validating the security of a connection to a system that the certificate was not issued for. It has been reported that at least one Certificate Authority allowed such certificates to be issued. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'curl' package(s) on Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2417 20090824 rPSA-2009-0124-1 curl http://www.securityfocus.com/archive/1/506055/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 36032 http://www.securityfocus.com/bid/36032 36238 http://secunia.com/advisories/36238 36475 http://secunia.com/advisories/36475 37471 http://secunia.com/advisories/37471 45047 http://secunia.com/advisories/45047 ADV-2009-2263 http://www.vupen.com/english/advisories/2009/2263 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 curl-certificate-security-bypass(52405) https://exchange.xforce.ibmcloud.com/vulnerabilities/52405 http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch http://curl.haxx.se/docs/adv_20090812.txt http://shibboleth.internet2.edu/secadv/secadv_20090817.txt http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2009-0124 http://www.vmware.com/security/advisories/VMSA-2009-0016.html oval:org.mitre.oval:def:10114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114 oval:org.mitre.oval:def:8542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.