Download
| Alert*
|
oval:org.secpod.oval:def:89045192
This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass - CVE-2016-5420: Re-using connections with wrong client cert - CVE-2016-7141: Fixed incorrect reuse of client certificates . oval:org.secpod.oval:def:38510 The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ... oval:org.secpod.oval:def:204134 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ... oval:org.secpod.oval:def:111244 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:111171 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1800139 libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ... oval:org.secpod.oval:def:1800606 CVE-2016-5419: TLS session resumption client cert bypass Fixed In Version curl 7.50.1 Reference Patch CVE-2016-5420: Re-using connection with wrong client cert Fixed In Version curl 7.50.1 Reference Patch CVE-2016-5421: Use of connection struct after free Fixed In Version curl 7.50.1 oval:org.secpod.oval:def:602578 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS ... oval:org.secpod.oval:def:703223 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:36755 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1600434 curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to re ... oval:org.secpod.oval:def:51611 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1800486 libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ... oval:org.secpod.oval:def:501913 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ... oval:org.secpod.oval:def:1800505 CVE-2016-5419: TLS session resumption client cert bypass. Fixed In Version: curl 7.50.1 CVE-2016-5420: Re-using connection with wrong client cert. Fixed In Version: curl 7.50.1 CVE-2016-5421: Use of connection struct after free. Fixed In Version: curl 7.50.1 oval:org.secpod.oval:def:1501656 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ... oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:38489 The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ... |
