1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5365-1] curl security update

    From Moritz Muehlenhoff@21:1/5 to All on Mon Feb 27 23:10:02 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5365-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 27, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : curl
    CVE ID : CVE-2023-23916

    Patrick Monnerat discovered that Curl's support for "chained" HTTP
    compression algorithms was susceptible to denial of service.

    For the stable distribution (bullseye), this problem has been fixed in
    version 7.74.0-1.3+deb11u7. This update also fixes a regression in
    the previously released fix for CVE-2022-27774.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/curl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmP9Il4ACgkQEMKTtsN8 TjZKEA//cK64gwXlsdkBMurkfaS4XVzPfAIPoR3b9Zun57OnO79Hb+Lubj23iva0 PpnHi5cyLDRC4RkQrICAygGGZkqBg0s5kA2aNv6sNF4CrF01cDHi5xbeb8SIb3K2 S6n/UOXST1zWlPjPsewoe+ct1dC53+24pelwVWNB8fRdvnbD49XQQ7eI8hZAWJpt ebFXkfi7xOPrSgHJdOyHAjJK3qySqfOgfbBY3qy650Po3SHS+YAqztRl+/TQf/Al fonzIypIHpcTDUyzJ9qBfLTUbui0HgjiaQbepp42+mUb/ajtbSlVHf+a+MXUm2Vr 5kE7SDdoXTQDHkdiuo0SFpxOhhGG3BV7RecX+4tKnfTP5ADr2MZ0XnVq5RJ6y9eL 1JOTxdFBPIIjzIpdCN2NrQdSXEk9faZv6L3HXoUA92rtXaxdqYD0UkNsOBYjBtJT 4TZOS3br3bsYUxveFGeJsHA0DTcv+k6NtHxE9XyTvPwjPZyAgck35K+4zPZkQxO1 fHGWXVCODsPm6g/TzPP1GrBzuLGS9fbhAF2+cVQkSPoO8eS7salDkR4k7HCshNuY 5qhLi5PQCTrlIhOfOueRoBj0dYtR96WePh8K6mQ1gA/KtQ+n/Ps+Obpnv75cdOF8 K03rqj/CFODZ/IqinIUr+8b+Pt50kTenU4Z6pacqleEz4WcVePc=
    =7ySA
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)