GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Sep 18, 2017 4:26 am Post subject: [ GLSA 201709-14 ] cURL |
|
|
Gentoo Linux Security Advisory
Title: cURL: Multiple vulnerabilities (GLSA 201709-14)
Severity: normal
Exploitable: remote
Date: 2017-09-17
Bug(s): #615870, #615994, #626776
ID: 201709-14
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of
which may allow attackers to bypass intended restrictions.
Background
cURL is a tool and libcurl is a library for transferring data with URL
syntax.
Affected Packages
Package: net-misc/curl
Vulnerable: < 7.55.1
Unaffected: >= 7.55.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in cURL. Please review the
CVE identifiers referenced below for details.
Impact
Remote attackers could cause a Denial of Service condition, obtain
sensitive information, or bypass intended restrictions for TLS sessions.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.55.1"
|
References
CVE-2017-1000099
CVE-2017-1000100
CVE-2017-1000101
CVE-2017-7407
CVE-2017-7468
Last edited by GLSA on Fri Sep 29, 2017 4:17 am; edited 1 time in total |
|