it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5365-1] curl security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5365-1] curl security update
Date: Mon, 27 Feb 2023 22:00:09 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/Y/0n6esD0lVHMNU9 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=oD7wxilr648eyMc6K1RzJhhJ8lXl5KW6bn6O05NxSA8=; b=AI UnWojF34BfVrLtehCWJkHNcbiQrWlqgJ34Z9I9hbDPcHDJY7Cv5eo8JzL1LR5mnBfcNHQ/Pt73KdW gMGRDf1tixoCSwxTMTrC1m86pC6v/JsD/8YX6AvoyAaaxmgHf8ehw/T0ta+UOw3Gd4c2nka6KrI/R 6jow7U7ODgLYAf37j8pPfBBguE3IJBziYk9WG56PqLVmwYm31BOMHJCt3okvpYEAc0tqgXxKJC1ij 8nR8klhIg8AfBgEeb33dJxYdygvq8wtFh7ntYW5ulHV0sDlqfLROo4rEhlMgWOpHKYYgy1BSfDRJ0 AgVQ1/BbDk9mFBhLTwvJmYSuQJPzmwDQ==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Mon, 27 Feb 2023 22:00:35 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <lNj5ACXlf0F.A.EEG.DgS_jB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5365-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 27, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2023-23916

Patrick Monnerat discovered that Curl's support for "chained" HTTP
compression algorithms was susceptible to denial of service.

For the stable distribution (bullseye), this problem has been fixed in
version 7.74.0-1.3+deb11u7. This update also fixes a regression in
the previously released fix for CVE-2022-27774.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmP9Il4ACgkQEMKTtsN8
TjZKEA//cK64gwXlsdkBMurkfaS4XVzPfAIPoR3b9Zun57OnO79Hb+Lubj23iva0
PpnHi5cyLDRC4RkQrICAygGGZkqBg0s5kA2aNv6sNF4CrF01cDHi5xbeb8SIb3K2
S6n/UOXST1zWlPjPsewoe+ct1dC53+24pelwVWNB8fRdvnbD49XQQ7eI8hZAWJpt
ebFXkfi7xOPrSgHJdOyHAjJK3qySqfOgfbBY3qy650Po3SHS+YAqztRl+/TQf/Al
fonzIypIHpcTDUyzJ9qBfLTUbui0HgjiaQbepp42+mUb/ajtbSlVHf+a+MXUm2Vr
5kE7SDdoXTQDHkdiuo0SFpxOhhGG3BV7RecX+4tKnfTP5ADr2MZ0XnVq5RJ6y9eL
1JOTxdFBPIIjzIpdCN2NrQdSXEk9faZv6L3HXoUA92rtXaxdqYD0UkNsOBYjBtJT
4TZOS3br3bsYUxveFGeJsHA0DTcv+k6NtHxE9XyTvPwjPZyAgck35K+4zPZkQxO1
fHGWXVCODsPm6g/TzPP1GrBzuLGS9fbhAF2+cVQkSPoO8eS7salDkR4k7HCshNuY
5qhLi5PQCTrlIhOfOueRoBj0dYtR96WePh8K6mQ1gA/KtQ+n/Ps+Obpnv75cdOF8
K03rqj/CFODZ/IqinIUr+8b+Pt50kTenU4Z6pacqleEz4WcVePc=
=7ySA
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5365-1] curl security update, Moritz Muehlenhoff, 27.02.2023

Archiv bereitgestellt durch MHonArc 2.6.24.