Amazon Linux AMI : curl (ALAS-2017-922)
Medium Nessus Plugin ID 104704
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionIMAP FETCH response out of bounds read :
A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)
SolutionRun 'yum update curl' to update your system.