Fedora 37: curl 2023-ddf6575695 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-ddf6575695
2023-02-19 01:36:15.220252
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 37
Version     : 7.85.0
Release     : 6.fc37
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP.  curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix HTTP multi-header compression denial of service (CVE-2023-23916) - share
HSTS between handles (CVE-2023-23915 CVE-2023-23914)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 15 2023 Kamil Dudka  - 7.85.0-6
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
- share HSTS between handles (CVE-2023-23915 CVE-2023-23914)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2170747 - CVE-2023-23914 curl: HSTS ignored on multiple requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2170747
  [ 2 ] Bug #2170750 - CVE-2023-23915 curl: HSTS amnesia with --parallel [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2170750
  [ 3 ] Bug #2170751 - CVE-2023-23916 curl: HTTP multi-header compression denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2170751
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-ddf6575695' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: curl 2023-ddf6575695

February 19, 2023
- fix HTTP multi-header compression denial of service (CVE-2023-23916) - share HSTS between handles (CVE-2023-23915 CVE-2023-23914)

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- fix HTTP multi-header compression denial of service (CVE-2023-23916) - share HSTS between handles (CVE-2023-23915 CVE-2023-23914)

Change Log

* Wed Feb 15 2023 Kamil Dudka - 7.85.0-6 - fix HTTP multi-header compression denial of service (CVE-2023-23916) - share HSTS between handles (CVE-2023-23915 CVE-2023-23914)

References

[ 1 ] Bug #2170747 - CVE-2023-23914 curl: HSTS ignored on multiple requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2170747 [ 2 ] Bug #2170750 - CVE-2023-23915 curl: HSTS amnesia with --parallel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2170750 [ 3 ] Bug #2170751 - CVE-2023-23916 curl: HTTP multi-header compression denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2170751

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-ddf6575695' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : curl
Product : Fedora 37
Version : 7.85.0
Release : 6.fc37
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)

Related News

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

PyTorch Poisoned in Software Supply Chain Attack

PyTorch Suffers Supply Chain Attack via Dependency Confusion

Red Hat Releases a Virtual Red Hat Enterprise Linux Desktop on AWS

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy