MiracleLinux 3 : curl-7.15.5-2.1AXS3.5 (AXSA:2009-376:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-376:02 advisory. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user...

Oracle: Security Advisory (ELSA-2009-1209)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OracleVM 2.1 : curl (OVMSA-2009-0019)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2009-2417 516257 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2009-0019...

Oracle Linux 5 : curl (ELSA-2009-1209)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1209 advisory. 7.15.5-2.1.el53.5 - fix CVE-2009-2417 516257 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Scientific Linux Security Update : curl on SL5.x i386/x86_64

Scott Cantor reported that cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the...

Scientific Linux Security Update : curl on SL3.x i386/x86_64

Scott Cantor reported that cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the...

CentOS Update for curl CESA-2009:1209 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for curl CESA-2009:1209 centos3 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

[USN-1158-1] curl vulnerabilities

========================================================================== Ubuntu Security Notice USN-1158-1 June 24, 2011 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

USN-1158-1: curl vulnerabilities

Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. CVE-2011-2192 Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount ...

SLES10: Security update for compat-curl2

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: compat-curl2 More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at http://download.novell.com/patch/finder/...

SLES10: Security update for curl

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: curl curl-devel More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...

SLES10: Security update for curl

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: curl curl-devel More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText...

SLES10: Security update for compat-curl2

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: compat-curl2 More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...

SLES10: Security update for GnuTLS

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: gnutls gnutls-devel More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references...

SLES11: Security update for curl

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: curl keyutils-libs libcurl4 libidn More details may also be found by searching for the SuSE Enterprise Server 11 patch database linked in the references...

openSUSE 10 Security Update : libcurl2 (libcurl2-6404)

This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. CVE-2009-2417 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 6470)

This update of gnutls improves the verification of the domain/subject names in a SSL certificate. CVE-2009-2417 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 6408)

This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. CVE-2009-2417 Additionally the arbitrary file access problem was fixed. CVE-2009-0037 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 10 Security Update : curl (ZYPP Patch Number 6402)

This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. CVE-2009-2417 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...