Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

ITUGLIB Update: Curl 7.79.0 Available - Critical Update

From Randall@21:1/5 to All on Wed Sep 15 12:25:11 2021

Hi Everyone,

Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:

* UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html * Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
* STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Randall@21:1/5 to Randall on Wed Sep 22 12:57:29 2021

On Wednesday, September 15, 2021 at 3:25:12 p.m. UTC-4, Randall wrote:

Hi Everyone,

Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:

* UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
* Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
* STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Quick update: 7.79.1 was released as a quick-fix today. The builds are now available on ITUGLIB.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Briels
  Tue Apr 23 20:54:03 2024
  from Uk via SSH
- Michal Wronka
  Wed Apr 24 14:13:57 2024
  from Wroclaw, Poland via SSH
- Michal Wronka
  Wed Apr 24 14:02:51 2024
  from Wroclaw, Poland via SSH
- Guest
  Wed Apr 24 01:40:10 2024
  from A via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	296
Nodes:	16 (2 / 14)
Uptime:	33:23:29
Calls:	6,648
Calls today:	3
Files:	12,193
Messages:	5,328,715