New Alerts for curl, NetApp, and Linux.
curl
When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a MitM attack to go unnoticed and allows it to inject data to the client.
More info.
curl supports "chained" HTTP compression algorithms, with an unbounded number of acceptable "links" in this "decompression chain", allowing a malicious server to insert a virtually unlimited number of compression steps, resulting in an out of memory DoS.
More info.
A malicious server can serve excessive amounts of Set-Cookies headers in a HTTP response to curl and curl stores all of them, resulting in a DoS.
More info.
NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.
SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel and other kernel modules. More info.
Ubuntu has updated the kernel. More info.