The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Curl: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Curl.
Vulnerable software: SDS, SES, SNS, OpenOffice, Mac OS X, cURL, Debian, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, IBM System x Server, Tivoli Workload Scheduler, Juniper EX-Series, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Shibboleth SP, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity of this announcement: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 02/11/2016.
References of this computer vulnerability: 2001818, 2009692, bulletinapr2018, CERTFR-2019-AVI-325, cpuoct2018, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, DLA-711-1, DSA-2019-114, DSA-2020-030, DSA-3705-1, FEDORA-2016-e8e8cdb4ed, HT207423, JSA10874, JSA10951, K01006862, K10196624, K26899353, K44503763, K46123931, K52828640, MIGR-5099570, openSUSE-SU-2016:2768-1, RHSA-2018:3558-01, SSA:2016-308-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20989.

Description of the vulnerability

Several vulnerabilities were announced in Curl.

An attacker can bypass access restrictions via Cookie Injection, in order to read or alter data. [severity:2/4; CVE-2016-8615]

An attacker can bypass security features via Case Insensitive Password Comparison, in order to escalate their privileges. [severity:2/4; CVE-2016-8616]

An attacker can generate a memory corruption via Multiplication, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8617]

An attacker can force the usage of a freed memory area via curl_maprintf(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8618]

An attacker can force the usage of a freed memory area via krb5, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8619]

An attacker can generate a buffer overflow via Glob Parser, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8620]

An attacker can force a read at an invalid address via Curl_getdate, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-8621]

An attacker can generate an integer overflow via URL Unescape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8622]

An attacker can force the usage of a freed memory area via Shared Cookies, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8623]

An attacker can bypass security features via URL Parsing, in order to obtain sensitive information. [severity:2/4; CVE-2016-8624]

An attacker can bypass security features via IDNA 2003, in order to obtain sensitive information. [severity:2/4; CVE-2016-8625]


Our Vigil@nce team rated the severity of this vulnerability bulletin as important.

The trust level is "confirmed by the editor", and the attack origin is "internet client".

This bulletin covers 11 vulnerabilities.

Exploiting this threat requires an attacker with expert skills.

Solutions for this threat

Curl: version 7.51.0.
The version 7.51.0 is fixed:
  https://curl.haxx.se/

Apache OpenOffice: version 4.1.6.
The version 4.1.6 is fixed:
  https://www.openoffice.org/download/

Apple MacOS: version Sierra 10.12.2.
The version Sierra 10.12.2 is fixed.

Debian: new curl packages.
New packages are available:
  Debian 7: curl 7.26.0-1+wheezy17
  Debian 8: curl 7.38.0-4+deb8u5

Dell EMC Unisphere Central: version 4.0.8.23220.
The version 4.0.8.23220 is fixed:
  https://www.dell.com/support/

Dell EMC VNXe3200: version 3.1.11.10003441.
The version 3.1.11.10003441 is fixed:
  https://www.dell.com/support/

F5 BIG-IP: solution for cURL.
The solution is indicated in information sources.

Fedora 24: new curl packages.
New packages are available:
  Fedora 24: curl 7.47.1-9.fc24

IBM BigFix Platform: version 9.5.5.
The version 9.5.5 is fixed:
  http://www-01.ibm.com/support/

IBM IMM for System x: version 1AOO78J-6.20.
The version 1AOO78J-6.20 is fixed.

IBM Workload Scheduler: patch for cURL.
A patch is indicated in information sources.

Junos OS: solution for cURL.
The solution is indicated in information sources.

Junos Space: version 19.2R1.
The version 19.2R1 is fixed:
  https://www.juniper.net/support/downloads/

openSUSE Leap 42.1: new curl packages.
New packages are available:
  openSUSE Leap 42.1: curl 7.37.0-16.1

Oracle Solaris: CPU of October 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2451130.1

Oracle Solaris: patch for third party software of April 2018 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RHEL: new httpd24 packages.
New packages are available:
  RHEL 6: httpd24-curl 7.61.1-1.el6, httpd24-httpd 2.4.34-7.el6, httpd24-nghttp2 1.7.1-7.el6
  RHEL 7: httpd24-curl 7.61.1-1.el7, httpd24-httpd 2.4.34-7.el7, httpd24-nghttp2 1.7.1-7.el7

Shibboleth Service Provider: version 2.6.0.1.
The version 2.6.0.1 is fixed:
  http://shibboleth.net/downloads/service-provider/latest/

Slackware: new curl packages.
New packages are available:
  Slackware 13.0: curl 7.51.0-*-1_slack13.0
  Slackware 13.1: curl 7.51.0-*-1_slack13.1
  Slackware 13.37: curl 7.51.0-*-1_slack13.37
  Slackware 14.0: curl 7.51.0-*-1_slack14.0
  Slackware 14.1: curl 7.51.0-*-1_slack14.1
  Slackware 14.2: curl 7.51.0-*-1_slack14.2

Stormshield: solution for curl.
The solution is indicated in information sources.

SUSE LE 11: new curl packages.
New packages are available:
  SUSE LE 11 SP4: curl 7.19.7-1.64.1

SUSE LE 12: new curl packages.
New packages are available:
  SUSE LE 12 SP1: curl 7.37.0-31.1

Synology DS/RS: version 6.0.2-8451-3.
The version 6.0.2-8451-3 is fixed:
  https://www.synology.com/

Ubuntu: new curl packages.
New packages are available:
  Ubuntu 16.10: libcurl3 7.50.1-1ubuntu1.1
  Ubuntu 16.04 LTS: libcurl3 7.47.0-1ubuntu2.2
  Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.10
  Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.17
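As an added check that is not part of the Vigil@nce bulletin, the following Python decides whether an installed curl/libcurl is still affected by this bulletin: source builds are measured against the fixed upstream release 7.51.0, while Debian and Ubuntu packages, which backport the fixes into older upstream version numbers, are measured against the fixed package versions listed above using a dpkg-style version comparison. The function names, the distribution table keys and the sample version strings are assumptions of this example.

```python
import re
from itertools import zip_longest
from typing import Optional

UPSTREAM_FIXED = "7.51.0"   # fixed upstream release named in the bulletin
DISTRO_FIXED = {            # fixed distribution packages, copied from the bulletin
    "Debian 7": "7.26.0-1+wheezy17",
    "Debian 8": "7.38.0-4+deb8u5",
    "Ubuntu 16.10": "7.50.1-1ubuntu1.1",
    "Ubuntu 16.04 LTS": "7.47.0-1ubuntu2.2",
    "Ubuntu 14.04 LTS": "7.35.0-1ubuntu2.10",
    "Ubuntu 12.04 LTS": "7.22.0-3ubuntu4.17",
}
_SPLIT = re.compile(r"^(?:(\d+):)?(.*?)(?:-([^-]*))?$")  # [epoch:]upstream[-revision]

def _order(c: str) -> int:
    # dpkg character weight: "~" sorts even before end of string, digits weigh 0
    return -1 if c == "~" else 0 if c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a: str, b: str) -> int:
    # dpkg's component comparison: walk both strings as alternating (non-digit, digit)
    # runs. Non-digit runs compare by _order() with end of string weighing 0, digit
    # runs compare numerically, and a present digit run beats an absent one.
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                        fillvalue=("", ""))
    for (na, da), (nb, db) in pairs:
        for wa, wb in zip_longest(map(_order, na), map(_order, nb), fillvalue=0):
            if wa != wb:
                return wa - wb
        if da or db:
            if not (da and db):
                return 1 if da else -1
            if int(da) != int(db):
                return int(da) - int(db)
    return 0

def dpkg_compare(v1: str, v2: str) -> int:
    # Full Debian ordering: epoch first, then upstream version, then revision.
    (e1, u1, r1), (e2, u2, r2) = (_SPLIT.match(v).groups() for v in (v1, v2))
    return (int(e1 or 0) - int(e2 or 0)) or _verrevcmp(u1, u2) or _verrevcmp(r1 or "", r2 or "")

def is_vulnerable(installed: str, distro: Optional[str] = None) -> bool:
    # Source builds are measured against 7.51.0. Debian/Ubuntu backported the fixes
    # into older upstream numbers, so their packages are measured against the fixed
    # package version instead; a distro not in the table raises KeyError (no verdict).
    fixed = UPSTREAM_FIXED if distro is None else DISTRO_FIXED[distro]
    return dpkg_compare(installed, fixed) < 0
```

Feed it the version from `curl --version` for a source build, or the package version from `dpkg-query -W libcurl3` together with the distribution name, and remember that a vendor not in the table (RHEL, SUSE, appliances) must be judged against its own advisory, not against 7.51.0.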
