18 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-5421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown...
RHEL 7 : rh-dotnet21-curl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: Glob parser write/read out of bounds CVE-2016-8620 - Use-after-free vulnerability in libcurl before...
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
SUSE CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...
Slackware: Security Advisory (SSA:2016-219-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-5421
A use-after-free flaw was found in libcurl. When invoking curleasyperform after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is...
Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
cURL/libcurl 7.x < 7.50.1 Multiple Vulnerabilities
Binary data 9764.prm...
openSUSE Security Update : curl (openSUSE-2016-1124)
This update for curl fixes the following issues : Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fix...
CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...
CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...
CVE-2016-5421
CVE-2016-5421 is a use-after-free in libcurl up to version 7.50.0 that can affect which connection is used or cause unspecified impact via unknown vectors. Public notes in ALAS-2016-730 (curl) indicate the issue affects curl/libcurl before 7.50.1 and that patches upgrade to 7.50.1 or newer; remed...
Ubuntu: Security Advisory (USN-3048-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3048-1: curl vulnerabilities
Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. CVE-2016-5419 It was discovered that curl incorrectly handled client certificates when reusing TLS connections. CVE-2016-5420 Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2016-219-01)
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-219-01. The text...
Fedora 24 : curl (2016-24316f1f56)
fix re-using connections with wrong client cert CVE-2016-5420 - fix TLS session resumption client cert bypass CVE-2016-5419 - fix use of connection struct after free CVE-2016-5421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
[slackware-security] curl
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.50.1-i586-1slack14.2.txz: Upgraded. This release fixes security issues: TLS: switch off SSL sessi...
Debian DSA-3638-1 : curl - security update
Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. - CVE-2016-5420 It was discovered that libcurl did not consider client certificates when...