MiracleLinux 4 : curl-7.19.7-53.AXS4 (AXSA:2017-1587:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1587:01 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...
K35453761: cURL and libcurl vulnerability CVE-2017-2628
Security Advisory Description: cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RH...
F5 Networks BIG-IP : cURL and libcurl vulnerability (K35453761)
cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6...
CVE-2017-2628
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl...
CVE-2017-2628
CVE-2017-2628 affects curl in Red Hat Enterprise Linux 6 before 7.19.7-53. The issue arises because the fix for CVE-2015-3148 was not correctly backported: HAVE_GSSAPI was replaced by USE_HTTP_NEGOTIATE, and the backport did not reflect this change. This introduces a vulnerability in RHEL 6 curl ...
RHEL 6 : curl (RHSA-2017:0847)
An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RedHat Update for curl RHSA-2017:0847-01
The remote host is missing an update for the...
Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20170329)
Security Fixes: It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628)...
OracleVM 3.3 / 3.4 : curl (OVMSA-2017-0059)
The remote OracleVM system is missing necessary patches to address critical security updates: - treat Negotiate authentication as connection-oriented (CVE-2017-2628) - fix a bug in DNS caching code that causes a memory leak (1302893) - SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL (1260742) - use...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
curl security update
7.19.7-53 - treat Negotiate authentication as connection-oriented (CVE-2017-2628)...