Search...

Debian Security Advisory DSA 1333-1 (libcurl3-gnutls)

2008-01-17T00:00:00

ID OPENVAS:58465
Type openvas
Reporter Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing an update to libcurl3-gnutls announced via advisory DSA 1333-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_1333_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1333-1
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "It has been discovered that the GnuTLS certificate verification methods
implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol
file transfer library, did not check for expired or invalid dates.

For the stable distribution (etch), this problem has been fixed in
version 7.15.5-1etch1.

We recommend that you upgrade your libcurl3-gnutls package.";
tag_summary = "The remote host is missing an update to libcurl3-gnutls
announced via advisory DSA 1333-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201333-1";

if(description)
{
 script_id(58465);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)");
 script_cve_id("CVE-2007-3564");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_name("Debian Security Advisory DSA 1333-1 (libcurl3-gnutls)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"libcurl3-dev", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcurl3-gnutls-dev", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcurl3-dbg", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcurl3", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcurl3-openssl-dev", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"curl", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcurl3-gnutls", ver:"7.15.5-1etch1", rls:"DEB4.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:58465", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1333-1 (libcurl3-gnutls)", "description": "The remote host is missing an update to libcurl3-gnutls\nannounced via advisory DSA 1333-1.", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58465", "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2007-3564"], "lastseen": "2017-07-24T12:49:46", "viewCount": 0, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-07-24T12:49:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3564"]}, {"type": "openvas", "idList": ["OPENVAS:840112"]}, {"type": "osvdb", "idList": ["OSVDB:38207"]}, {"type": "ubuntu", "idList": ["USN-484-1"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1333.NASL", "UBUNTU_USN-484-1.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1333-1:BB749"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7945"]}], "modified": "2017-07-24T12:49:46", "rev": 2}, "vulnersScore": 6.4}, "pluginID": "58465", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1333_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1333-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It has been discovered that the GnuTLS certificate verification methods\nimplemented in libcurl-gnutls, a solid, usable, and portable multi-protocol\nfile transfer library, did not check for expired or invalid dates.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 7.15.5-1etch1.\n\nWe recommend that you upgrade your libcurl3-gnutls package.\";\ntag_summary = \"The remote host is missing an update to libcurl3-gnutls\nannounced via advisory DSA 1333-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201333-1\";\n\nif(description)\n{\n script_id(58465);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3564\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1333-1 (libcurl3-gnutls)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcurl3-dev\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls-dev\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-openssl-dev\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.15.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:31:24", "description": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.", "edition": 4, "cvss3": {}, "published": "2007-07-18T17:30:00", "title": "CVE-2007-3564", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3564"], "modified": "2017-07-29T01:32:00", "cpe": ["cpe:/a:libcurl:libcurl:7.15.3", "cpe:/a:libcurl:libcurl:7.14.1", "cpe:/a:libcurl:libcurl:7.16.3", "cpe:/a:libcurl:libcurl:7.15.1", "cpe:/a:libcurl:libcurl:7.15", "cpe:/a:libcurl:libcurl:7.14", "cpe:/a:libcurl:libcurl:7.15.2"], "id": "CVE-2007-3564", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3564", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libcurl:libcurl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:libcurl:libcurl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:libcurl:libcurl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:libcurl:libcurl:7.15:*:*:*:*:*:*:*", "cpe:2.3:a:libcurl:libcurl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:libcurl:libcurl:7.14:*:*:*:*:*:*:*", "cpe:2.3:a:libcurl:libcurl:7.15.1:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:33:58", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3564"], "description": "It was discovered that the GnuTLS certificate verification methods \nimplemented in Curl did not check for expiration and activation dates. \nWhen performing validations, tools using libcurl3-gnutls would \nincorrectly allow connections to sites using expired certificates.", "edition": 6, "modified": "2007-07-17T00:00:00", "published": "2007-07-17T00:00:00", "id": "USN-484-1", "href": "https://ubuntu.com/security/notices/USN-484-1", "title": "curl vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-3564"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:26231](https://secuniaresearch.flexerasoftware.com/advisories/26231/)\n[Secunia Advisory ID:26108](https://secuniaresearch.flexerasoftware.com/advisories/26108/)\n[Secunia Advisory ID:26104](https://secuniaresearch.flexerasoftware.com/advisories/26104/)\n[Secunia Advisory ID:26128](https://secuniaresearch.flexerasoftware.com/advisories/26128/)\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00094.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-484-1\nOther Advisory URL: http://www.trustix.org/errata/2007/0023/\nOther Advisory URL: http://www.curl.haxx.se/docs/adv_20070710.html\nFrSIRT Advisory: ADV-2007-2551\n[CVE-2007-3564](https://vulners.com/cve/CVE-2007-3564)\nBugtraq ID: 24938\n", "edition": 1, "modified": "2007-07-18T17:36:17", "published": "2007-07-18T17:36:17", "href": "https://vulners.com/osvdb/OSVDB:38207", "id": "OSVDB:38207", "title": "cURL/libcURL with GnuTLS SSL/TLS Certificate Access Restriction Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-12-04T11:28:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3564"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-484-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840112", "href": "http://plugins.openvas.org/nasl.php?oid=840112", "type": "openvas", "title": "Ubuntu Update for curl vulnerability USN-484-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_484_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for curl vulnerability USN-484-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the GnuTLS certificate verification methods\n implemented in Curl did not check for expiration and activation dates.\n When performing validations, tools using libcurl3-gnutls would\n incorrectly allow connections to sites using expired certificates.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-484-1\";\ntag_affected = \"curl vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-484-1/\");\n script_id(840112);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"484-1\");\n script_cve_id(\"CVE-2007-3564\");\n script_name( \"Ubuntu Update for curl vulnerability USN-484-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls-dev\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-openssl-dev\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-dev\", ver:\"7.15.5-1ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls-dev\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-openssl-dev\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-dev\", ver:\"7.15.1-1ubuntu2.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls-dev\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-openssl-dev\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-dev\", ver:\"7.15.4-1ubuntu2.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T15:44:00", "description": "It was discovered that the GnuTLS certificate verification methods\nimplemented in Curl did not check for expiration and activation dates.\nWhen performing validations, tools using libcurl3-gnutls would\nincorrectly allow connections to sites using expired certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : curl vulnerability (USN-484-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3564"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libcurl3-openssl-dev", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls-dev", "p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-dbg", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-dev", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls"], "id": "UBUNTU_USN-484-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-484-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28085);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-3564\");\n script_xref(name:\"USN\", value:\"484-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : curl vulnerability (USN-484-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the GnuTLS certificate verification methods\nimplemented in Curl did not check for expiration and activation dates.\nWhen performing validations, tools using libcurl3-gnutls would\nincorrectly allow connections to sites using expired certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/484-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"curl\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcurl3\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcurl3-dbg\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcurl3-dev\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcurl3-gnutls-dev\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libcurl3-openssl-dev\", pkgver:\"7.15.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"curl\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcurl3\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcurl3-dbg\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcurl3-dev\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcurl3-gnutls-dev\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libcurl3-openssl-dev\", pkgver:\"7.15.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"curl\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcurl3\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcurl3-dbg\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcurl3-dev\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcurl3-gnutls-dev\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libcurl3-openssl-dev\", pkgver:\"7.15.5-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-dbg / libcurl3-dev / libcurl3-gnutls / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:48", "description": "It has been discovered that the GnuTLS certificate verification\nmethods implemented in libcurl-gnutls, a solid, usable, and portable\nmulti-protocol file transfer library, did not check for expired or\ninvalid dates.", "edition": 26, "published": "2007-07-23T00:00:00", "title": "Debian DSA-1333-1 : libcurl3-gnutls - missing input validation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3564"], "modified": "2007-07-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1333.NASL", "href": "https://www.tenable.com/plugins/nessus/25742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1333. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25742);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3564\");\n script_xref(name:\"DSA\", value:\"1333\");\n\n script_name(english:\"Debian DSA-1333-1 : libcurl3-gnutls - missing input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It has been discovered that the GnuTLS certificate verification\nmethods implemented in libcurl-gnutls, a solid, usable, and portable\nmulti-protocol file transfer library, did not check for expired or\ninvalid dates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1333\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libcurl3-gnutls package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 7.15.5-1etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"curl\", reference:\"7.15.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcurl3\", reference:\"7.15.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcurl3-dbg\", reference:\"7.15.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcurl3-dev\", reference:\"7.15.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcurl3-gnutls\", reference:\"7.15.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcurl3-gnutls-dev\", reference:\"7.15.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libcurl3-openssl-dev\", reference:\"7.15.5-1etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-3564"], "description": "Certificate's activation adn expire dates are not checked if GnuTLS verification method is used.", "edition": 1, "modified": "2007-07-19T00:00:00", "published": "2007-07-19T00:00:00", "id": "SECURITYVULNS:VULN:7945", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7945", "title": "curl TLS certificates spoofing", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:27:04", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3564"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1333 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nJuly 18th, 2007\n- ------------------------------------------------------------------------\n\nPackage : libcurl3-gnutls\nVulnerability : input validation\nProblem type : local and remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-3564\n\nIt has been discovered that the GnuTLS certificate verification methods\nimplemented in libcurl-gnutls, a solid, usable, and portable multi-protocol\nfile transfer library, did not check for expired or invalid dates.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 7.15.5-1etch1.\n\nWe recommend that you upgrade your libcurl3-gnutls package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.dsc\n Size/MD5 checksum: 948 1eacdb0c127ad12b860033f743563df8\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz\n Size/MD5 checksum: 1897973 61997c0d852d38c3a85b445f4fc02892\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.diff.gz\n Size/MD5 checksum: 19029 cbd30d40f3026e020182e665a7f5d5be\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch1_all.deb\n Size/MD5 checksum: 22198 b6b9a429b9ae513c5e0c8472c6509907\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_alpha.deb\n Size/MD5 checksum: 811542 dbc6cd819cff1b717c46e11caa1dd331\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_alpha.deb\n Size/MD5 checksum: 815608 03e1eb1961a7e58e82e4ac2380aa8c8a\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_alpha.deb\n Size/MD5 checksum: 181660 30c703c8b17a42b63d2fbe575bafe562\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_alpha.deb\n Size/MD5 checksum: 823850 23eb2600b1da596a04bfd5043effc13d\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_alpha.deb\n Size/MD5 checksum: 166814 7a9f90444bd58d38c9452a44ff71ea98\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_alpha.deb\n Size/MD5 checksum: 175316 0167fc5805b8f8c363165dff64dafe98\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_amd64.deb\n Size/MD5 checksum: 772978 675235b32ac91f3b91f86ee28e70d1e2\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_amd64.deb\n Size/MD5 checksum: 824246 a0547976a45ee4d4be2c43b179459404\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_amd64.deb\n Size/MD5 checksum: 767648 4852d415582c564eb50cb9f8cbc677f7\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_amd64.deb\n Size/MD5 checksum: 170008 ff8b0b14022f291265324243579abf2d\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_amd64.deb\n Size/MD5 checksum: 164638 ae44174a768af4786637cb6292800b21\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_amd64.deb\n Size/MD5 checksum: 163440 c7410d7b8efc16abf1e138c1bb7a5712\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_arm.deb\n Size/MD5 checksum: 162094 001980ca743312ca37513877ad7d19f6\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_arm.deb\n Size/MD5 checksum: 164634 436490a717543532135cfaafb4fb4a99\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_arm.deb\n Size/MD5 checksum: 757356 3a74f9c27504a758b95dfb6ba5fb96a3\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_arm.deb\n Size/MD5 checksum: 782328 40e1890d559f3efb927af1d0bc0c8c6e\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_arm.deb\n Size/MD5 checksum: 750218 82456f7c8a985993fd50eb482f715a70\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_arm.deb\n Size/MD5 checksum: 159216 183adf1413dc30aab0e80c96e8b07d69\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_hppa.deb\n Size/MD5 checksum: 164460 cb4b604568f5f67d219f42423a3871e5\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_hppa.deb\n Size/MD5 checksum: 183728 04b0a53a277f70ca365662ea80956012\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_hppa.deb\n Size/MD5 checksum: 177964 4e5610dee599cff8118ee190db9a632d\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_hppa.deb\n Size/MD5 checksum: 792842 1bdbcbc1a90f533c7a4937c61eb07097\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_hppa.deb\n Size/MD5 checksum: 811428 5028f1eb54b2eae003f97f38b06ee31e\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_hppa.deb\n Size/MD5 checksum: 786392 41a0d16e111efa9b7693b2ff4b49aae2\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_i386.deb\n Size/MD5 checksum: 759318 e028af09b03561cf80fba28e667619cc\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_i386.deb\n Size/MD5 checksum: 797370 61890674b4ca3d63025aec44330d018a\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_i386.deb\n Size/MD5 checksum: 163196 c4826f28c035963ba7c78bbf02e598fc\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_i386.deb\n Size/MD5 checksum: 765284 dbb49ba6646ccf3b0545246d221727f6\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_i386.deb\n Size/MD5 checksum: 162952 13ee79189c41390d6123d9f2eceb43d6\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_i386.deb\n Size/MD5 checksum: 168268 abfd5346cf785ff3c3575e0ff5f45fd3\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_ia64.deb\n Size/MD5 checksum: 217322 60b9e2ed439e2d25efd0a938fed85631\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_ia64.deb\n Size/MD5 checksum: 174406 3b2820551a8f73b6d0d2fd618611aa8d\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_ia64.deb\n Size/MD5 checksum: 847688 3067d35de833b8fc16bcbac066105fab\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_ia64.deb\n Size/MD5 checksum: 225286 33446e0073372cbf66d2478d931b4c20\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_ia64.deb\n Size/MD5 checksum: 811428 29c7c73f506b810299b99ec4aa546d23\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_ia64.deb\n Size/MD5 checksum: 837622 0539dc6328d28d866c60aabcc9a54c77\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_mipsel.deb\n Size/MD5 checksum: 809808 74fb469f9dede8bc34e48a4a539e4358\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_mipsel.deb\n Size/MD5 checksum: 163986 df1acd593c0eeed9a18c3ed8a8a0549e\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_mipsel.deb\n Size/MD5 checksum: 791042 3608d4164968ecf0eb5761ccfa981efb\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_mipsel.deb\n Size/MD5 checksum: 783344 5f6956f17a95ffa849c83847ca68125a\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_mipsel.deb\n Size/MD5 checksum: 165370 2ff41d7e7856497bb33aaf1c42d0cc20\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_mipsel.deb\n Size/MD5 checksum: 170278 8d0e09a0bdaf30cd225e59d381c6966a\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_powerpc.deb\n Size/MD5 checksum: 165070 a2a95f8b931dd24659e6c17ae6de57e0\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_powerpc.deb\n Size/MD5 checksum: 840286 670575e9107d1665d0123d5b034b09c3\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_powerpc.deb\n Size/MD5 checksum: 780710 f63c169d7ac0a594415ce06fc554d03a\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_powerpc.deb\n Size/MD5 checksum: 173628 2ef64672347d6ec0f710bfc3c68fb188\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_powerpc.deb\n Size/MD5 checksum: 168912 2b05b6937b6c6bb567e9d77dc1d13ea2\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_powerpc.deb\n Size/MD5 checksum: 773612 4292b8d1c968c17817ccd36149ddbc20\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_s390.deb\n Size/MD5 checksum: 835496 199f0660bb88bf2b5f8572209c4bbcaa\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_s390.deb\n Size/MD5 checksum: 163122 4c84c66f773accf9da6e6585edcedcc7\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_s390.deb\n Size/MD5 checksum: 773100 10a17910d3a30b7de38a138fd6c3e299\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_s390.deb\n Size/MD5 checksum: 179504 e83ac479b8e9c5011e28db1f4d58fa14\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_s390.deb\n Size/MD5 checksum: 768068 67cbdd360ed1dbb80824bb6738787c95\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_s390.deb\n Size/MD5 checksum: 172214 c187f5108f5a977f08abf0b4e37471e0\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_sparc.deb\n Size/MD5 checksum: 165032 18e35286ceb1129fbbe7fa1be094c59d\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_sparc.deb\n Size/MD5 checksum: 758474 e5f75c8f4491dd628fa9005e4dfc5cbb\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_sparc.deb\n Size/MD5 checksum: 159890 69c90d7c3aaa79021cfa2ee5ca0c8ca7\n http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_sparc.deb\n Size/MD5 checksum: 162360 de5df99405d29124dcd4b70e3aa60bf7\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_sparc.deb\n Size/MD5 checksum: 765156 963dd337e581b69c4663ade85a44755d\n http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_sparc.deb\n Size/MD5 checksum: 787450 2ed6fb01f7babf43d9bf04aac8ed79d5\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 11, "modified": "2007-07-18T00:00:00", "published": "2007-07-18T00:00:00", "id": "DEBIAN:DSA-1333-1:BB749", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00094.html", "title": "[SECURITY] [DSA 1333-1] New libcurl3-gnutls packages fix certificate handling", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}