SuSE 11.3 Security Update : curl (SAT Patch Number 10166)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update fixes the following security issues :

- URL request injection (bnc#911363): When libcurl sends a
request to a server via an HTTP proxy, it copies the
entire URL into the request and sends it off.

If the given URL contains line feeds and carriage
returns, those are sent along to the proxy too, which
allows the program to, for example, send a separate HTTP
request embedded in the URL.

- duphandle read out of bounds (bnc#901924).

- libcurl cookie leaks (bnc#894575).

Additional bug fixed:

- curl_multi_remove_handle: don't crash on multiple
removes (bnc#897816)
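
An application-side guard for the URL request injection item above, as an added example that is not part of the advisory or of libcurl: it rejects any URL containing CR, LF or other control bytes before the URL is copied into a proxy request line. The function names and the example.com URLs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the URL is non-empty and holds no ASCII control byte, else 0. */
int url_is_single_line(const char *url)
{
    const unsigned char *p = (const unsigned char *)url;
    if (*p == '\0')
        return 0;
    for (; *p; p++)
        if (*p < 0x20 || *p == 0x7f)   /* covers \r (0x0d) and \n (0x0a) */
            return 0;
    return 1;
}

/* Count CRLF sequences; a lone request line contains exactly one. */
int count_crlf(const char *s)
{
    int n = 0;
    for (; (s = strstr(s, "\r\n")) != NULL; s += 2)
        n++;
    return n;
}

/* Build the request line sent to an HTTP proxy, where the whole URL is
 * copied into the request. Returns 0 on success, -1 if the URL is rejected
 * or does not fit; on failure out is left as an empty string. */
int build_proxy_request_line(const char *url, char *out, size_t outlen)
{
    int n;
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (url == NULL || !url_is_single_line(url))
        return -1;
    n = snprintf(out, outlen, "GET %s HTTP/1.1\r\n", url);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[256];
    /* Constructed sample inputs; example.com is a placeholder host. */
    const char *clean = "http://example.com/index.html";
    const char *multi = "http://example.com/a\r\nX-Constructed: 1";
    printf("clean: %d\n", build_proxy_request_line(clean, buf, sizeof buf));
    printf("multi-line: %d\n", build_proxy_request_line(multi, buf, sizeof buf));
    return 0;
}
```

Running the check on every URL that originates outside the program keeps the request single-line even on hosts where the SAT patch has not yet been applied.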

See also :

Solution :

Apply SAT patch number 10166.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 81121

Bugtraq ID:

CVE ID: CVE-2014-3613
