oval:org.secpod.oval:def:503382
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ...

oval:org.secpod.oval:def:2103499
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` ...

oval:org.secpod.oval:def:89003369
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message. - CVE-2018-1689 ...

oval:org.secpod.oval:def:89003325
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow. - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response. - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2. - CVE-2018-168 ...

oval:org.secpod.oval:def:66495
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: NTLM type-2 heap out-of-bounds buffer read * wget: Information exposure in set_file_metadata function in xattr.c * cur ...

oval:org.secpod.oval:def:1801331
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:1801332
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:1801337
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:1801345
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ...

oval:org.secpod.oval:def:704487
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:603629
Multiple vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could ...

oval:org.secpod.oval:def:51213
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:52204
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:115926
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1504292
[7.61.1-11] - rebuild with updated annobin to prevent Execshield RPMDiff check from failing [7.61.1-10] - fix SMTP end-of-response out-of-bounds read - fix NTLMv2 type-3 header stack buffer overflow - fix NTLM type-2 out-of-bounds buffer read - xattr: strip credentials from any URL that is stored ...

oval:org.secpod.oval:def:53509
Multiple vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could ...

oval:org.secpod.oval:def:50619
curl: HTTP, HTTPS, and FTP client and client libraries. Several security issues were fixed in curl.

oval:org.secpod.oval:def:1700125
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ...