14 matches found
openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)
The following vulnerabilities have been fixed in curl: - IMAP, POP3 and SMTP URL sanitization vulnerability (CVE-2012-0036) - disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (CVE-2011-3389) - disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option for older openssl versions (CVE-2010-4180)
openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)
Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452, CVE-2012-0036) - Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option when built against an older OpenSSL version (CVE-2010-4180). - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (bnc#742306, CVE-2011-3389).
Mac OS X Multiple Vulnerabilities (2012-002)
This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Mac OS X Multiple Vulnerabilities (2012-002)
This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002. OpenVAS Vulnerability Test $Id: gbmacosxsu12-002.nasl 6521 2017-07-04 14:51:10Z cfischer $ Mac OS X Multiple Vulnerabilities 2012-002 Authors: Madhuri D Copyright: Copyright c...
CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol...
CVE-2012-0036
CVE-2012-0036 affects curl/libcurl 7.2x prior to 7.24.0. The issue arises from not correctly handling special characters when extracting a URL pathname, enabling data-injection via crafted URLs and enabling CRLF injection in IMAP/POP3/SMTP paths. The CVSS metrics in the record show a Base score o...
Fedora Update for curl FEDORA-2012-0894
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Fedora Update for curl FEDORA-2012-0888
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Fedora 15 : curl-7.21.3-13.fc15 (2012-0888)
reject URLs containing bad data CVE-2012-0036 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Debian Security Advisory DSA 2398-1 (curl)
The remote host is missing an update to curl announced via advisory DSA 2398-1. OpenVAS Vulnerability Test $Id: deb23981.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2398-1 (curl). Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
SuSE 10 Security Update : curl (ZYPP Patch Number 7937)
This update to curl fixes the following security issue: - Don't set SSL_OP_ALL to avoid potential DTLS sniffing attacks. (CVE-2012-0036) (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.
[SECURITY] [DSA 2398-1] curl security update
Debian Security Advisory DSA-2398-1 http://www.debian.org/security/ Moritz Muehlenhoff January 30, 2012 http://www.debian.org/security/faq ...
Ubuntu 10.10 / 11.04 / 11.10 : curl vulnerability (USN-1346-1)
Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected. Note that Tenable Network Security has extracted the precedin...
CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol...