Gentoo: GLSA-202310-12: curl: Multiple Vulnerabilities
Summary
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-8.3.0-r2"
References
[ 1 ] CVE-2022-43551
https://nvd.nist.gov/vuln/detail/CVE-2022-43551
[ 2 ] CVE-2022-43552
https://nvd.nist.gov/vuln/detail/CVE-2022-43552
[ 3 ] CVE-2023-23914
https://nvd.nist.gov/vuln/detail/CVE-2023-23914
[ 4 ] CVE-2023-23915
https://nvd.nist.gov/vuln/detail/CVE-2023-23915
[ 5 ] CVE-2023-23916
https://nvd.nist.gov/vuln/detail/CVE-2023-23916
[ 6 ] CVE-2023-27533
https://nvd.nist.gov/vuln/detail/CVE-2023-27533
[ 7 ] CVE-2023-27534
https://nvd.nist.gov/vuln/detail/CVE-2023-27534
[ 8 ] CVE-2023-27535
https://nvd.nist.gov/vuln/detail/CVE-2023-27535
[ 9 ] CVE-2023-27536
https://nvd.nist.gov/vuln/detail/CVE-2023-27536
[ 10 ] CVE-2023-27537
https://nvd.nist.gov/vuln/detail/CVE-2023-27537
[ 11 ] CVE-2023-27538
https://nvd.nist.gov/vuln/detail/CVE-2023-27538
[ 12 ] CVE-2023-28319
https://nvd.nist.gov/vuln/detail/CVE-2023-28319
[ 13 ] CVE-2023-28320
https://nvd.nist.gov/vuln/detail/CVE-2023-28320
[ 14 ] CVE-2023-28321
https://nvd.nist.gov/vuln/detail/CVE-2023-28321
[ 15 ] CVE-2023-28322
https://nvd.nist.gov/vuln/detail/CVE-2023-28322
[ 16 ] CVE-2023-32001
https://nvd.nist.gov/vuln/detail/CVE-2023-32001
[ 17 ] CVE-2023-38039
https://nvd.nist.gov/vuln/detail/CVE-2023-38039
[ 18 ] CVE-2023-38545
https://nvd.nist.gov/vuln/detail/CVE-2023-38545
[ 19 ] CVE-2023-38546
https://nvd.nist.gov/vuln/detail/CVE-2023-38546
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-12
Concerns
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been discovered in curl, the worst of
which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected Packages
Package Vulnerable Unaffected
------------- ------------ ------------
net-misc/curl < 8.3.0-r2 >= 8.3.0-r2
Impact
Please review the referenced CVE identifiers for details.
Note that the risk of remote code execution is limited to SOCKS usage.
Workaround
There is no known workaround at this time.