Download
| Alert*
oval:org.secpod.oval:def:89045192
This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass - CVE-2016-5420: Re-using connections with wrong client cert - CVE-2016-7141: Fixed incorrect reuse of client certificates . oval:org.secpod.oval:def:703341 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:38513 The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ... oval:org.secpod.oval:def:204134 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ... oval:org.secpod.oval:def:89043595 This update for curl several issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects This non-security issue was fixed: - Set DEFAULT_SUSE as the default cipher list oval:org.secpod.oval:def:1800801 libcurl built on top of NSS incorrectly re-used client certificates if a certificate from file was used for one TLS connection but no certificate set for a subsequent TLS connection. While the symptoms are similar to CVE-2016-5420 , this vulnerability was caused by an implementation detail of the N ... oval:org.secpod.oval:def:37885 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1600454 After testing original CVE-2016-5420 patch, it was discovered that libcurl built on top of NSS still incorrectly re-uses client certificates if a certificate from file is used for one TLS connection but no certificate is set for a subsequent TLS connection. oval:org.secpod.oval:def:51515 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:501913 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ... oval:org.secpod.oval:def:1501656 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ... oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:38489 The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ... |