Amazon Linux AMI : curl (ALAS-2018-938)
High
Nessus Plugin ID 105516
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. (CVE-2017-8816)
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. (CVE-2017-8817)
Solution
Run 'yum update curl' to update your system.