This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote OracleVM host is missing one or more security updates.
The remote OracleVM system is missing necessary patches to address
critical security updates :
- treat Negotiate authentication as connection-oriented
- fix a bug in DNS caching code that causes a memory leak
- SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL
- use the default min/max TLS version provided by NSS
- prevent NSS from incorrectly re-using a session
- prevent test46 from failing due to expired cookie
- SSH: do not require public key file for user
- make SCP/SFTP work with --proxytunnel (#1258566)
See also :
Update the affected curl / libcurl packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true