Mageia: Security Advisory (MGASA-2017-0281)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Asterisk PJSIP Invalid Media Attribute Denial Of Service (CVE-2018-1000099)

A denial-of-service vulnerability exists in Asterisk PJSIP. The vulnerability is due to improper validation of SDP Media Attributes. Successful exploitation can result in denial-of-service conditions...

Photon OS 2.0: Curl PHSA-2017-0045

An update of the curl package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0045. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121761;...

Debian DSA-4170-1 : pjproject - security update

Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

[SECURITY] [DSA 4170-1] pjproject security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4170-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 09, 2018 https://www.debian.org/security/faq -...

CVE-2018-1000099

CVE-2018-1000099 affects Teluu PJSIP up to version 2.7.1, where a null/uninitialized pointer vulnerability in pjmedia SDP parsing can crash a system. Exploitation is tied to processing specially crafted SDP messages; the issue is stated to be fixed in PJSIP 2.7.2. Connected advisories reference D...

CVE-2017-1000099

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

[ASA-201710-6] lib32-libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201710-6 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : lib32-libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-388 Summa...

[ASA-201710-3] lib32-curl: multiple issues

Arch Linux Security Advisory ASA-201710-3 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-371 Summary =======...

[ASA-201710-5] libcurl-gnutls: multiple issues

Arch Linux Security Advisory ASA-201710-5 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-387 Summary...

[ASA-201710-4] lib32-libcurl-gnutls: multiple issues

Arch Linux Security Advisory ASA-201710-4 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-386 Summa...

[ASA-201710-7] libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201710-7 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-389 Summary...

CVE-2017-1000099

CVE-2017-1000099 is an information-disclosure flaw in curl/libcurl prior to 7.55.0. When retrieving a file from a file:// URL, libcurl could output metadata with HTTP-like headers by sending the wrong, uninitialized heap buffer to stdout/provide callback, potentially displaying private heap data....

[ASA-201708-16] curl: information disclosure

Arch Linux Security Advisory ASA-201708-16 ========================================== Severity: Medium Date : 2017-08-22 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-370 Summary...

CVE-2017-1000099

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...

Security fix for the ALT Linux 8 package curl version 7.55.0-alt1

Aug. 9, 2017 Anton Farygin 7.55.0-alt1 - new version with following security fixes: CVE-2017-1000101 glob: do not parse after a strtoul overflow range CVE-2017-1000100 tftp: reject file name lengths that don't fit CVE-2017-1000099 file: output the correct buffer to the user...