Hi Everyone,
Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:
* UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
* Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
* STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 33:23:29 |
Calls: | 6,648 |
Calls today: | 3 |
Files: | 12,193 |
Messages: | 5,328,715 |