cURL: Multiple vulnerabilities
Multiple vulnerabilities have been found in cURL, the worst of
which could allow remote attackers to execute arbitrary code.
curl
2017-01-19
2017-01-19: 01
536014
573102
583394
590482
592974
593716
597760
603370
603574
remote
7.52.1
7.52.1
cURL is a tool and libcurl is a library for transferring data with URL
syntax.
Multiple vulnerabilities have been discovered in cURL. Please review the
CVE identifiers and bug reports referenced for details.
Remote attackers could conduct a Man-in-the-Middle attack to obtain
sensitive information, cause a Denial of Service condition, or execute
arbitrary code.
There is no known workaround at this time.
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.52.1"
CVE-2014-8150
CVE-2014-8151
CVE-2016-0755
CVE-2016-3739
CVE-2016-5419
CVE-2016-5420
CVE-2016-5421
CVE-2016-7141
CVE-2016-7167
CVE-2016-8615
CVE-2016-8616
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8620
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625
CVE-2016-9586
CVE-2016-9594
b-man
b-man