Test ID:	1.3.6.1.4.1.25623.1.0.67083
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:062 (curl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to curl announced via advisory MDVSA-2010:062. A vulnerability has been found and corrected in curl: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit (CVE-2010-0734). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct theis issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:062 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0734 20101027 rPSA-2010-0072-1 curl http://www.securityfocus.com/archive/1/514490/100/0/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 38843 http://secunia.com/advisories/38843 38981 http://secunia.com/advisories/38981 39087 http://secunia.com/advisories/39087 39734 http://secunia.com/advisories/39734 40220 http://secunia.com/advisories/40220 45047 http://secunia.com/advisories/45047 48256 http://secunia.com/advisories/48256 ADV-2010-0571 http://www.vupen.com/english/advisories/2010/0571 ADV-2010-0602 http://www.vupen.com/english/advisories/2010/0602 ADV-2010-0660 http://www.vupen.com/english/advisories/2010/0660 ADV-2010-0725 http://www.vupen.com/english/advisories/2010/0725 ADV-2010-1481 http://www.vupen.com/english/advisories/2010/1481 APPLE-SA-2010-06-15-1 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html DSA-2023 http://www.debian.org/security/2010/dsa-2023 FEDORA-2010-2720 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html FEDORA-2010-2762 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html GLSA-201203-02 http://security.gentoo.org/glsa/glsa-201203-02.xml MDVSA-2010:062 http://www.mandriva.com/security/advisories?name=MDVSA-2010:062 RHSA-2010:0329 http://www.redhat.com/support/errata/RHSA-2010-0329.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 [oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0 http://www.openwall.com/lists/oss-security/2010/02/09/5 [oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0 http://www.openwall.com/lists/oss-security/2010/03/09/1 [oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0 http://www.openwall.com/lists/oss-security/2010/03/16/11 http://curl.haxx.se/docs/adv_20100209.html http://curl.haxx.se/docs/security.html#20100209 http://curl.haxx.se/libcurl-contentencoding.patch http://support.apple.com/kb/HT4188 http://support.avaya.com/css/P8/documents/100081819 http://wiki.rpath.com/Advisories:rPSA-2010-0072 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=563220 oval:org.mitre.oval:def:10760 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760 oval:org.mitre.oval:def:6756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.