• [SECURITY] [DSA 5523-1] curl security update

    From Moritz Muehlenhoff@21:1/5 to All on Wed Oct 11 09:00:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5523-1                   security@debian.org
    https://www.debian.org/security/                       Moritz Muehlenhoff
    October 11, 2023                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : curl
    CVE ID : CVE-2023-38545 CVE-2023-38546

    Two security issues were found in Curl, an easy-to-use client-side URL
    transfer library and command line tool:

    CVE-2023-38545

    Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake.

    CVE-2023-38546

    It was discovered that under some circumstances libcurl was
    susceptible to cookie injection.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 7.74.0-1.3+deb11u10.

    For the stable distribution (bookworm), these problems have been fixed in
    version 7.88.1-10+deb12u4.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/curl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
