Download
| Alert*
oval:org.secpod.oval:def:89048859
This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition . * CVE-2023-28321: Fixed IDN wildcard matching . * CVE-2023-28322: Fixed POST-after-PUT confusion . * CVE-2023-27533: Fixed TELNET option IAC injection . * CVE-2023-27534: Fixed SFTP path ~ resolving ... oval:org.secpod.oval:def:1601685 A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, cu ... oval:org.secpod.oval:def:89048862 This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition . * CVE-2023-28321: Fixed IDN wildcard matching . * CVE-2023-28322: Fixed POST-after-PUT confusion . * CVE-2023-27533: Fixed TELNET option IAC injection . * CVE-2023-27534: Fixed SFTP path ~ resolving ... oval:org.secpod.oval:def:707972 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:19500089 A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. A flaw was found in the Curl package, where the ... oval:org.secpod.oval:def:4501220 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: HTTP multi-header compression denial of service For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:125007 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:2501026 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:1701202 A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. A flaw was found in the Curl package, where the ... oval:org.secpod.oval:def:87968 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1506508 [7.76.1-19.el9_1.2] - fix HTTP multi-header compression denial of service oval:org.secpod.oval:def:3300297 SUSE Security Update: Security update for curl oval:org.secpod.oval:def:89048273 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests . - CVE-2023-23915: Fixed HSTS amnesia with --parallel . - CVE-2023-23916: Fixed HTTP multi-header compression denial of service . oval:org.secpod.oval:def:89367 Patrick Monnerat discovered that Curl"s support for "chained" HTTP compression algorithms was susceptible to denial of service. oval:org.secpod.oval:def:89401 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:89387 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1506471 [7.61.1-25.el8_7.3] - fix HTTP multi-header compression denial of service oval:org.secpod.oval:def:507571 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: HTTP multi-header compression denial of service For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:507599 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * curl: HTTP multi-header compression denial of service For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:2600182 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. oval:org.secpod.oval:def:610435 Patrick Monnerat discovered that Curl"s support for "chained" HTTP compression algorithms was susceptible to denial of service. oval:org.secpod.oval:def:125112 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:89048269 This update for curl fixes the following issues: - CVE-2023-23916: Fixed HTTP multi-header compression denial of service . oval:org.secpod.oval:def:1506564 [7.76.1-23.el9_2.1] - fix FTP too eager connection reuse [7.76.1-23] - fix HTTP multi-header compression denial of service [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel [7.76.1-21] - fix POST following PUT confusion [7.76.1-20] - control code in cookie denial of serv ... oval:org.secpod.oval:def:2108124 Oracle Solaris 11 - ( CVE-2023-23914 ) oval:org.secpod.oval:def:90727 The host is missing a patch containing a security fixes, which affects the following package(s): oss.lib.libcurl |