Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2016-766

Related Vulnerabilities: CVE-2016-8615   CVE-2016-8616   CVE-2016-8617   CVE-2016-8618   CVE-2016-8619   CVE-2016-8620   CVE-2016-8621   CVE-2016-8622   CVE-2016-8623   CVE-2016-8624  

This build resolves the following issues: CVE-2016-8615: Cookie injection for other serversCVE-2016-8616: Case insensitive password comparisonCVE-2016-8617: Out-of-bounds write via unchecked multiplicationCVE-2016-8618: Double-free in curl_maprintfCVE-2016-8619: Double-free in krb5 codeCVE-2016-8620: Glob parser write/read out of boundsCVE-2016-8621: curl_getdate out-of-bounds readCVE-2016-8622: URL unescape heap overflow via integer truncationCVE-2016-8623: Use-after-free via shared cookiesCVE-2016-8624: Invalid URL parsing with '#'

Source

ALAS-2016-766

Amazon Linux AMI Security Advisory: ALAS-2016-766
Advisory Release Date: 2016-11-10 18:00 Pacific
Advisory Updated Date: 2016-11-10 18:00 Pacific
Severity: Medium
Issue Overview:

This build resolves the following issues:

CVE-2016-8615: Cookie injection for other servers
CVE-2016-8616: Case insensitive password comparison
CVE-2016-8617: Out-of-bounds write via unchecked multiplication
CVE-2016-8618: Double-free in curl_maprintf
CVE-2016-8619: Double-free in krb5 code
CVE-2016-8620: Glob parser write/read out of bounds
CVE-2016-8621: curl_getdate out-of-bounds read
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: Invalid URL parsing with '#'


Affected Packages:

curl


Issue Correction:
Run yum update curl to update your system.

New Packages:
i686:
    libcurl-7.47.1-9.66.amzn1.i686
    libcurl-devel-7.47.1-9.66.amzn1.i686
    curl-7.47.1-9.66.amzn1.i686
    curl-debuginfo-7.47.1-9.66.amzn1.i686

src:
    curl-7.47.1-9.66.amzn1.src

x86_64:
    curl-7.47.1-9.66.amzn1.x86_64
    libcurl-devel-7.47.1-9.66.amzn1.x86_64
    libcurl-7.47.1-9.66.amzn1.x86_64
    curl-debuginfo-7.47.1-9.66.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started