
Test ID: 1.3.6.1.4.1.25623.1.0.852067
Category: SuSE Local Security Checks
Title: SuSE Update for curl openSUSE-SU-2018:1624-1 (curl)
Summary: The remote host is missing an update for the 'curl' package(s) announced via the openSUSE-SU-2018:1624_1 advisory.
Description:
Summary:
The remote host is missing an update for the 'curl'
package(s) announced via the openSUSE-SU-2018:1624_1 advisory.

Vulnerability Insight:
This update for curl to version 7.60.0 fixes the following issues:

These security issues were fixed:

- CVE-2018-1000300: Prevent heap-based buffer overflow when closing down
an FTP connection with very long server command replies (bsc#1092094).

- CVE-2018-1000301: Prevent buffer over-read that could have caused reading
data beyond the end of a heap based buffer used to store downloaded RTSP
content (bsc#1092098).

These non-security issues were fixed:

- Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol

- Add --haproxy-protocol for the command line tool

- Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses

- FTP: fix typo in recursive callback detection for seeking

- test1208: marked flaky

- HTTP: make header-less responses still count correct body size

- user-agent.d:: mention --proxy-header as well

- http2: fixes typo

- cleanup: misc typos in strings and comments

- rate-limit: use three second window to better handle high speeds

- examples/hiperfifo.c: improved

- pause: when changing pause state, update socket state

- curl_version_info.3: fix ssl_version description

- add_handle/easy_perform: clear errorbuffer on start if set

- cmake: add support for brotli

- parsedate: support UT timezone

- vauth/ntlm.h: fix the #ifdef header guard

- lib/curl_path.h: added #ifdef header guard

- vauth/cleartext: fix integer overflow check

- CURLINFO_COOKIELIST.3: made the example not leak memory

- cookie.d: mention that '-' as filename means stdin

- CURLINFO_SSL_VERIFYRESULT.3: fixed the example

- http2: read pending frames (including GOAWAY) in connection-check

- timeval: remove compilation warning by casting

- cmake: avoid warn-as-error during config checks

- travis-ci: enable -Werror for CMake builds

- openldap: fix for NULL return from ldap_get_attribute_ber()

- threaded resolver: track resolver time and set suitable timeout values

- cmake: Add advapi32 as explicit link library for win32

- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T

- test1148: set a fixed locale for the test

- cookies: when reading from a file, only remove_expired once

- cookie: store cookies per top-level-domain-specific hash table

- openssl: RESTORED verify locations when verifypeer==0

- file: restore old behavior for file:////foo/bar URLs

- FTP: allow PASV on IPv6 connections when a proxy is being used

- build-openssl.bat: allow custom paths for VS and perl

- winbuild: make the clean target work without build-type

- build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15

- curl: r ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
curl on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-1000300
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000301
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2019 E-Soft Inc. All rights reserved.