Oracle Linux 6 / 7 : curl (ELSA-2019-4652)

critical Nessus Plugin ID 125380


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
- CVE-2016-8616 case insensitive password comparison
- CVE-2016-8617 OOB write via unchecked multiplication
- CVE-2016-8618 double-free in curl_maprintf
- CVE-2016-8619 double-free in krb5 code
- CVE-2016-8621 curl_getdate read out of bounds
- CVE-2016-8622 URL unescape heap overflow via integer truncation
- CVE-2016-8623 Use-after-free via shared cookies
- CVE-2016-8624 invalid URL parsing with #


Update the affected curl, libcurl and / or libcurl-devel packages.

Plugin Details

Severity: Critical

ID: 125380

File Name: oraclelinux_ELSA-2019-4652.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/24/2019

Updated: 9/8/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-8622


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:curl, p-cpe:/a:oracle:linux:libcurl, p-cpe:/a:oracle:linux:libcurl-devel, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 5/23/2019

Vulnerability Publication Date: 7/31/2018

Reference Information

CVE: CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625