
Haxx curl Remote Security Bypass Vulnerability (CVE-2016-8620)

Author: Internet

Vulnerability description

Haxx curl is a file transfer tool from the Swedish company Haxx that works on the command line using URL syntax. It supports file upload and download, and includes libcurl (a client-side URL transfer library) for program development. A remote security bypass vulnerability exists in Haxx curl versions 7.34.0 through 7.50.3. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations.

Solution

The following are the security advisories that the Linux/Unix distributions have published for this vulnerability. Refer to the advisory for your system to fix the vulnerability:

Ubuntu
----------------
USN-3123-1: [USN-3123-1] curl vulnerabilities
Link: https://www.ubuntu.com/usn/usn-3123-1

Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2016-8620

Gentoo
----------------
GLSA-201701-47: cURL: Multiple vulnerabilities
Link: https://security.gentoo.org/glsa/201701-47

FreeBSD
----------------
765feb7d-a0d1-11e6-a881-b499baebfeaf: cURL -- multiple vulnerabilities
Link: http://vuxml.freebsd.org/freebsd/765feb7d-a0d1-11e6-a881-b499baebfeaf.html

Slackware
----------------
SSA:2016-308-01: [slackware-security] curl (SSA:2016-308-01)
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.661139

openSUSE
----------------
openSUSE-SU-2016:2768-1: openSUSE Security Update: Security update for curl
Link: https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00020.html

SUSE
----------------
Link: https://www.suse.com/security/cve/CVE-2016-8620/

Fedora
----------------
FEDORA-2016-89769648a0: Fedora 25 Update: curl-7.51.0-1.fc25
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JYTXIUQEYYWVLG2WJOE6FOVWRSPOQBM/
FEDORA-2016-e8e8cdb4ed: Fedora 24 Update: curl-7.47.1-9.fc24
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S35RRQRUQKGWNDB4PRIQM7ZAHJXEDFCQ/

Arch Linux
----------------
ASA-201611-7: [arch-security] [ASA-201611-7] curl: multiple issues
Link: https://security.archlinux.org/ASA-201611-7

Debian
----------------
DSA-3705: DSA-3705-1 curl -- security update
Link: https://www.debian.org/security/2016/dsa-3705

Source: https://www.cnblogs.com/mrhonest/p/10913324.html