Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Debian LTS: DLA-2295-1 Critical Curl Update with Exploitation Risk

debian lts
Calendar Grey July 28, 2020
Dist Debian Esm H88
The security bulletin DLA-2295-1 highlights a severe vulnerability in curl that affects users on Debian LTS, providing suggested updates for mitigation.
A vulnerbailty was found in curl, a command line tool for transferring data with URL syntax
Topics%20covered

Topics Covered

security advisory update exploitation curl data transfer HTTP headers Debian LTS

Summary

A vulnerbailty was found in curl, a command line tool for transferring
data with URL syntax.

When using when using -J (--remote-header-name) and -i (--include) in
the same command line, a malicious server could force curl to overwrite
the contents of local files with incoming HTTP headers.


For Debian 9 stretch, this problem has been fixed in version
7.52.1-5+deb9u11.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: curl
Version: 7.52.1-5+deb9u11
CVE ID: CVE-2020-8177

Topics%20covered

Topics Covered

security advisory update exploitation curl data transfer HTTP headers Debian LTS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here