OracleVM 3.3 / 3.4 : curl (OVMSA-2017-0059)
Medium Nessus Plugin ID 99113
SynopsisThe remote OracleVM host is missing one or more security updates.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
- treat Negotiate authentication as connection-oriented (CVE-2017-2628)
- fix a bug in DNS caching code that causes a memory leak (#1302893)
- SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL (#1260742)
- use the default min/max TLS version provided by NSS (#1289205)
- prevent NSS from incorrectly re-using a session (#1269660)
- prevent test46 from failing due to expired cookie (#1277551)
- SSH: do not require public key file for user authentication (#1260742)
- make SCP/SFTP work with --proxytunnel (#1258566)
SolutionUpdate the affected curl / libcurl packages.