1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5587-1] curl security update

    From Moritz Muehlenhoff@21:1/5 to All on Sat Dec 23 20:20:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5587-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 23, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : curl
    CVE ID : CVE-2023-46218 CVE-2023-46219

    Two security issues were discovered in Curl: Cookies were incorrectly
    validated against the public suffix list of domains and in same cases
    HSTS data could fail to save to disk.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 7.74.0-1.3+deb11u11.

    For the stable distribution (bookworm), these problems have been fixed in version 7.88.1-10+deb12u5.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/curl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWHL5wACgkQEMKTtsN8 TjZQ6g//Vkn19s5W4JDyQToH46D/GS8HU0yFFxl2FCTaQNVwipu0/o7MXJhn/bGP SvSJUXXszXOrYNQXNLxnAb5HLkG98FZD+SNMLhz329ggYnUa3yOYjFnU5xbacRQV tw7UN79ouX8bPCE6zJMuGqC6aA6JC7/RDTw15E3nqHeUtZagRK/y6Pp6lOXBveo0 +fRb3opi+hMeSMr4QC+zw2pAxCYn2mRaZl7a42vxZ4iiuEfjTxMzYdJZSqosmd4a PIMcYtl8e1AmyDxD154rOzIVMobokcgx1CCmpPYbipiCuY2mp1Srm9GttSQSRTR0 buk0GJxjcsk+QU6HNJ58UHHSGiVhWlMr370kT3cotO0YDvtVBeF8vSdrP8zmNoKQ IyBW9WP56XHgUvd+t7YN7tlUH11r9yZBZ04DAgGmW/QzLu6JHzmwKJx9JxxDr34y Y+mimCp9wI/ft3C0i/uarT1q6AsXA/LNXc1pqdU8QuXrJg2lAaMqqU8YT8l6iVi5 i169oP0oezvOii5R/vw3cd/zzpKsNVwLyZfUWATYLRqzpbUbr94MsPCS+7fKOawY hCnAhUxx6/aDIWZmlVXkFtxbkskkBe9TTgc4nD0WVev7gPyImzSKzoaWYRMnsGMV DbdJgai96T4lXYI2PM2Gh4mZDdjqC4jubvSKJaM4MNF5Pq6VHf0=
    =rARX
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)