Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:058 (curl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72039

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:058 (curl)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to curl
announced via advisory MDVSA-2012:058.

Multiple vulnerabilities has been found and corrected in curl:

curl is vulnerable to a SSL CBC IV vulnerability when built to use
OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate
the problem (CVE-2011-3389).

curl is vulnerable to a data injection attack for certain protocols
through control characters embedded or percent-encoded in URLs
(CVE-2012-0036).

The updated packages have been patched to correct these issues.

Affected: 2010.1, 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:058
http://curl.haxx.se/docs/adv_20120124B.html
http://thread.gmane.org/gmane.comp.web.curl.library/34659
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLOPTIONS
http://curl.haxx.se/docs/manpage.html#--ssl-allow-beast
http://curl.haxx.se/docs/adv_20120124.html

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3389
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 49388
http://www.securityfocus.com/bid/49388
BugTraq ID: 49778
http://www.securityfocus.com/bid/49778
Cert/CC Advisory: TA12-010A
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
CERT/CC vulnerability note: VU#864643
http://www.kb.cert.org/vuls/id/864643
Debian Security Information: DSA-2398 (Google Search)
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02742
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBUX02730
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100710
HPdes Security Advisory: SSRT100740
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.insecure.cl/Beast-SSL.rar
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Microsoft Security Bulletin: MS12-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://osvdb.org/74829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1263-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0036
1032924
http://www.securitytracker.com/id/1032924
48256
51665
http://www.securityfocus.com/bid/51665
APPLE-SA-2012-05-09-1
DSA-2398
GLSA-201203-02
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
MDVSA-2012:058
SSRT100877
http://curl.haxx.se/curl-url-sanitize.patch
http://curl.haxx.se/docs/adv_20120124.html
http://support.apple.com/kb/HT5281
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://bugzilla.redhat.com/show_bug.cgi?id=773457
https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72039
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:058 (curl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to curl announced via advisory MDVSA-2012:058. Multiple vulnerabilities has been found and corrected in curl: curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389). curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs (CVE-2012-0036). The updated packages have been patched to correct these issues. Affected: 2010.1, 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:058 http://curl.haxx.se/docs/adv_20120124B.html http://thread.gmane.org/gmane.comp.web.curl.library/34659 http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLOPTIONS http://curl.haxx.se/docs/manpage.html#--ssl-allow-beast http://curl.haxx.se/docs/adv_20120124.html Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3389 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html BugTraq ID: 49388 http://www.securityfocus.com/bid/49388 BugTraq ID: 49778 http://www.securityfocus.com/bid/49778 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html CERT/CC vulnerability note: VU#864643 http://www.kb.cert.org/vuls/id/864643 Debian Security Information: DSA-2398 (Google Search) http://www.debian.org/security/2012/dsa-2398 http://security.gentoo.org/glsa/glsa-201203-02.xml http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02742 http://marc.info/?l=bugtraq&m=132872385320240&w=2 HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 HPdes Security Advisory: HPSBUX02730 http://marc.info/?l=bugtraq&m=132750579901589&w=2 HPdes Security Advisory: HPSBUX02760 http://marc.info/?l=bugtraq&m=133365109612558&w=2 HPdes Security Advisory: HPSBUX02777 http://marc.info/?l=bugtraq&m=133728004526190&w=2 HPdes Security Advisory: SSRT100710 HPdes Security Advisory: SSRT100740 HPdes Security Advisory: SSRT100805 HPdes Security Advisory: SSRT100854 HPdes Security Advisory: SSRT100867 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http://ekoparty.org/2011/juliano-rizzo.php http://eprint.iacr.org/2004/111 http://eprint.iacr.org/2006/136 http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 http://vnhacker.blogspot.com/2011/09/beast.html http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html http://www.insecure.cl/Beast-SSL.rar https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Microsoft Security Bulletin: MS12-006 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 http://osvdb.org/74829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2012-0006.html RedHat Security Advisories: RHSA-2012:0508 http://rhn.redhat.com/errata/RHSA-2012-0508.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://www.securitytracker.com/id?1025997 http://www.securitytracker.com/id?1026103 http://www.securitytracker.com/id?1026704 http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/45791 http://secunia.com/advisories/47998 http://secunia.com/advisories/48256 http://secunia.com/advisories/48692 http://secunia.com/advisories/48915 http://secunia.com/advisories/48948 http://secunia.com/advisories/49198 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search) https://hermes.opensuse.org/messages/13154861 SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search) https://hermes.opensuse.org/messages/13155432 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.ubuntu.com/usn/USN-1263-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-0036 1032924 http://www.securitytracker.com/id/1032924 48256 51665 http://www.securityfocus.com/bid/51665 APPLE-SA-2012-05-09-1 DSA-2398 GLSA-201203-02 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 MDVSA-2012:058 SSRT100877 http://curl.haxx.se/curl-url-sanitize.patch http://curl.haxx.se/docs/adv_20120124.html http://support.apple.com/kb/HT5281 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html https://bugzilla.redhat.com/show_bug.cgi?id=773457 https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com