
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5587-1] curl security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5587-1] curl security update
  • Date: Sat, 23 Dec 2023 19:13:59 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZYcxd+cUyVnel2iM AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 23 Dec 2023 19:14:24 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <MT4IoX8_NNJ.A.cBH.QGzhlB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5587-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 23, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2023-46218 CVE-2023-46219

Two security issues were discovered in Curl: Cookies were incorrectly
validated against the public suffix list of domains and in some cases
HSTS data could fail to save to disk.

For the oldstable distribution (bullseye), these problems have been fixed
in version 7.74.0-1.3+deb11u11.

For the stable distribution (bookworm), these problems have been fixed in
version 7.88.1-10+deb12u5.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org


