CVE-2016-9594 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Incorrect calculation |
| Description | libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP formposts and more. Having a weak or virtually non-existent random there makes these operations vulnerable. This function has been introduced in 7.52.0 |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-117 | lib32-libcurl-gnutls | 7.51.0-1 | 7.52.1-1 | Medium | Fixed | FS#52247 |
| AVG-116 | lib32-libcurl-compat | 7.51.0-1 | 7.52.1-1 | Medium | Fixed | FS#52247 |
| AVG-115 | lib32-curl | 7.51.0-1 | 7.52.1-1 | Medium | Fixed | FS#52247 |
| AVG-114 | libcurl-gnutls | 7.51.0-1 | 7.52.1-1 | Medium | Fixed | FS#52247 |
| AVG-113 | libcurl-compat | 7.51.0-1 | 7.52.1-1 | Medium | Fixed | FS#52247 |
| AVG-112 | curl | 7.51.0-1 | 7.52.1-1 | Medium | Fixed | FS#52247 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 03 Jan 2017 | ASA-201701-9 | AVG-115 | lib32-curl | Medium | multiple issues |
| 03 Jan 2017 | ASA-201701-8 | AVG-114 | libcurl-gnutls | Medium | multiple issues |
| 03 Jan 2017 | ASA-201701-7 | AVG-113 | libcurl-compat | Medium | multiple issues |
| 03 Jan 2017 | ASA-201701-11 | AVG-117 | lib32-libcurl-gnutls | Medium | multiple issues |
| 03 Jan 2017 | ASA-201701-10 | AVG-116 | lib32-libcurl-compat | Medium | multiple issues |
| 27 Dec 2016 | ASA-201612-22 | AVG-112 | curl | Medium | multiple issues |
| References |
|---|
https://curl.haxx.se/docs/adv_20161223.html |