it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5523-1] curl security update
- Date: Wed, 11 Oct 2023 06:58:41 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/ZSZHoTJ8+KscAnNG AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=FAYHbfJ6yVX231PmPwbdTs18kcQt8YI4JIOauLC/Vwo=; b=T9 5ivDG9vgymXLjfcSA/1918M1KnHY5Z0nR/yxl4iX4Bq8Ks1A+DKGqLwHdREV4MB70fA1DhQ9O8SWC QsCLl1z54mZ4j9A5rJ3++RTtkVJsKgwEN2ZNHUcFAiTQhq1qhJ8lJ4gdftFgJVSLZM1APna8hqvJO RHdiCC+MqeD5WpywVjxv5YMrd9Ddy7nm4vzgFyDFF3dn0j2UuWwk2HQDfrUviMgerLf9/mphi+LYX EiAHJTsEYU5mxOKv+8DANhUMVzSfZF6lj6KPlJzvRBaXjAcgLszNVNXwUEEF6C4QRqLtzQZlYW6Xg Rd78QzZYMctzhULAMasJ3dx+uiTB20UA==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 11 Oct 2023 06:59:12 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <dPz-vwCZCCH.A.WIF.AfkJlB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5523-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2023-38545 CVE-2023-38546
Two security issues were found in Curl, an easy-to-use client-side URL
transfer library and command line tool:
CVE-2023-38545
Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake.
CVE-2023-38546
It was discovered that under some circumstances libcurl was
susceptible to cookie injection.
For the oldstable distribution (bullseye), these problems have been fixed
in version 7.74.0-1.3+deb11u10.
For the stable distribution (bookworm), these problems have been fixed in
version 7.88.1-10+deb12u4.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUmR4AACgkQEMKTtsN8
TjbtKBAAtJ6fPT/1ZwS+elK/8gzKI3xJFgfS6k/F5o5go30i82fFGK8k7aZNzTrw
NQAPQ+DdWN4Nvm65qHXf8ME6jSNpnfmSSJ7k/RWVet8BJ3gMxOyBUOqAzK8CP5y1
xW4Dnma3+EfA4g+f0fiJ8d5xTie29P+uo7qvKeUg1eCAbsUhoEortvkOtKSm/9wh
hHq6h12LXFrDArEuOzKJZk58bo9xeMe/1BV3YdGh63lrRsz/RR/zFd51OLqn5Dgl
eJRGwHe7pXIbaCI3mncEa0y6PHQMCZWrKdQxQC5BL4Ggut+Y2nVRMexZKzLD83Rl
nrrD8LknLAr9QSNBjoMdf1s1rR7vboKNxYFtXcGf6nqFECQuSL4VihbJMIltUzpc
LE4ppZxmrOs0Q78SFP+Xq5w1zMHg+2NIRx7EHDaGObvv4t3l/PoOXWI81wPxioKa
zzxLAEVDI2Sfc6Qw/a1GmiIkEbEjhCW+LBUeOhLEfzd56W/7enCGrRFzrS6hKsbz
Ibp2lPt6755ixpFsJ8PsVTEZ8C9jV41n8tL06BEG8+wSAc+1cHMJQ+0ceQxuXiTF
Lrorm4rKgx76o8naAG+wPeg3rUawadAkhQzyUXKC1HqEDqcdIJhM+GL4qNI+ErPr
E2w1K1Qo0g+1CUcYHdNTP6O3IklUwBiyJJeSn5q/AWZYH8aKdKc=
=+znC
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5523-1] curl security update, Moritz Muehlenhoff, 11.10.2023
Archiv bereitgestellt durch MHonArc 2.6.24.