Test Kennung:	1.3.6.1.4.1.25623.1.0.123056
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-1254)
Zusammenfassung:	The remote host is missing an update for the 'curl' package(s) announced via the ELSA-2015-1254 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the ELSA-2015-1254 advisory. Vulnerability Insight: [7.19.7-46] - require credentials to match for NTLM re-use (CVE-2015-3143) - close Negotiate connections when done (CVE-2015-3148) [7.19.7-45] - reject CRLFs in URLs passed to proxy (CVE-2014-8150) [7.19.7-44] - use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707) [7.19.7-43] - fix manpage typos found using aspell (#1011101) - fix comments about loading CA certs with NSS in man pages (#1011083) - fix handling of DNS cache timeout while a transfer is in progress (#835898) - eliminate unnecessary inotify events on upload via file protocol (#883002) - use correct socket type in the examples (#997185) - do not crash if MD5 fingerprint is not provided by libssh2 (#1008178) - fix SIGSEGV of curl --retry when network is down (#1009455) - allow to use TLS 1.1 and TLS 1.2 (#1012136) - docs: update the links to cipher-suites supported by NSS (#1104160) - allow to use ECC ciphers if NSS implements them (#1058767) - make curl --trace-time print correct time (#1120196) - let tool call PR_Cleanup() on exit if NSPR is used (#1146528) - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747) - allow to enable/disable new AES cipher-suites (#1156422) - include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163) - disable libcurl-level downgrade to SSLv3 (#1154059) [7.19.7-42] - do not force connection close after failed HEAD request (#1168137) - fix occasional SIGSEGV during SSL handshake (#1168668) [7.19.7-41] - fix a connection failure when FTPS handle is reused (#1154663) Affected Software/OS: 'curl' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3613 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 69748 http://www.securityfocus.com/bid/69748 Debian Security Information: DSA-3022 (Google Search) http://www.debian.org/security/2014/dsa-3022 RedHat Security Advisories: RHSA-2015:1254 http://rhn.redhat.com/errata/RHSA-2015-1254.html SuSE Security Announcement: openSUSE-SU-2014:1139 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3707 BugTraq ID: 70988 http://www.securityfocus.com/bid/70988 Debian Security Information: DSA-3069 (Google Search) http://www.debian.org/security/2014/dsa-3069 SuSE Security Announcement: openSUSE-SU-2015:0248 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html http://www.ubuntu.com/usn/USN-2399-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8150 BugTraq ID: 71964 http://www.securityfocus.com/bid/71964 Debian Security Information: DSA-3122 (Google Search) http://www.debian.org/security/2015/dsa-3122 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html https://security.gentoo.org/glsa/201701-47 http://www.mandriva.com/security/advisories?name=MDVSA-2015:021 http://www.securitytracker.com/id/1032768 http://secunia.com/advisories/61925 http://secunia.com/advisories/62075 http://secunia.com/advisories/62361 http://www.ubuntu.com/usn/USN-2474-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3143 BugTraq ID: 74299 http://www.securityfocus.com/bid/74299 Debian Security Information: DSA-3232 (Google Search) http://www.debian.org/security/2015/dsa-3232 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html https://security.gentoo.org/glsa/201509-02 HPdes Security Advisory: HPSBHF03544 http://marc.info/?l=bugtraq&m=145612005512270&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:219 http://www.mandriva.com/security/advisories?name=MDVSA-2015:220 http://www.securitytracker.com/id/1032232 SuSE Security Announcement: openSUSE-SU-2015:0799 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html http://www.ubuntu.com/usn/USN-2591-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3148 BugTraq ID: 74301 http://www.securityfocus.com/bid/74301
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.