HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.
80f8158182e481b6569a26d38a63761b
HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.
31d29fe7aaae474acd1185e3d5e9e226
Apple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
9614673327dc336467f1b3577177a46e
Mandriva Linux Security Advisory 2012-058 - curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.
34beae45285f6850ee0d22f9391e3383
Gentoo Linux Security Advisory 201203-2 - Multiple vulnerabilities have been found in cURL, the worst of which might allow remote execution of arbitrary code. Versions less than 7.24.0 are affected.
8db893360d88524868c453346713a721
Debian Linux Security Advisory 2398-1 - Several vulnerabilities have been discovered in Curl, an URL transfer library.
c95ecedbb71b86ff645dc34a026ce3a1
Ubuntu Security Notice 1346-1 - Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.
e9d37387a1af50a4bbffd4fcb652979e