Download
| Alert*
oval:org.secpod.oval:def:89003325
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow . - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response . - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 . - CVE-2018-168 ... oval:org.secpod.oval:def:89002561 This update for curl fixes the following issues: - CVE-2018-16840: A use after free in closing SASL handles was fixed - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes oval:org.secpod.oval:def:89002426 This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes oval:org.secpod.oval:def:2103386 Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. oval:org.secpod.oval:def:1600974 A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an #039;easy#039; handle in the `Curl_close` function, the library code first frees a struct and might then subsequently erroneously write to a struct field within that already freed struct. ... oval:org.secpod.oval:def:603567 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated ins ... oval:org.secpod.oval:def:53460 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated ins ... oval:org.secpod.oval:def:1504362 [7.29.0-54.0.1] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers - CVE-2016-8616 case insensitive password comparison - CVE-2016-8617 OOB write via unchecked multiplication - CVE-2016-8618 double-free in curl_maprintf - CVE-2016-8619 double-free in krb5 code ... oval:org.secpod.oval:def:503267 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Heap-based buffer over-read in the curl tool warning formatting For more details about the security issue, including th ... oval:org.secpod.oval:def:115296 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:205259 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: Heap-based buffer over-read in the curl tool warning formatting For more details about the security issue, including th ... oval:org.secpod.oval:def:51024 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89049639 This update for curl fixes the following issues: - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c ... oval:org.secpod.oval:def:115380 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:48685 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1700125 libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ... |