Amazon Linux AMI : curl (ALAS-2016-652)
Medium Nessus Plugin ID 88664
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionThe ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015 . (CVE-2016-0755)
SolutionRun 'yum update curl' to update your system.