Mageia 8, 9 MGASA-2023-0263 Critical: Curl Injection And Memory Issues

September 24, 2023
Updated curl packages for Mageia 8 and 9 fix multiple security vulnerabilities; the advisory is rated critical.

Summary

TELNET option IAC injection. (CVE-2023-27533)
SFTP path ~ resolving discrepancy. (CVE-2023-27534)
FTP too eager connection reuse. (CVE-2023-27535)
GSS delegation too eager connection re-use. (CVE-2023-27536)
HSTS double free. (CVE-2023-27537)
SSH connection too eager reuse still. (CVE-2023-27538)
UAF in SSH sha256 fingerprint check. (CVE-2023-28319)
siglongjmp race condition. (CVE-2023-28320)
IDN wildcard match. (CVE-2023-28321)
more POST-after-PUT confusion. (CVE-2023-28322)
HTTP headers eat all memory. (CVE-2023-38039)

References

- https://bugs.mageia.org/show_bug.cgi?id=31703

- https://curl.se/docs/CVE-2023-27533.html

- https://curl.se/docs/CVE-2023-27534.html

- https://curl.se/docs/CVE-2023-27535.html

- https://curl.se/docs/CVE-2023-27536.html

- https://curl.se/docs/CVE-2023-27537.html

- https://curl.se/docs/CVE-2023-27538.html

- https://ubuntu.com/security/notices/USN-5964-1

- https://curl.se/docs/CVE-2023-28319.html

- https://curl.se/docs/CVE-2023-28320.html

- https://curl.se/docs/CVE-2023-28321.html

- https://curl.se/docs/CVE-2023-28322.html

- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014913.html

- https://curl.se/docs/CVE-2023-32001.html

- https://curl.se/docs/CVE-2023-38039.html

- https://ubuntu.com/security/notices/USN-6363-1

- https://www.cve.org/CVERecord?id=CVE-2023-27533

- https://www.cve.org/CVERecord?id=CVE-2023-27534

- https://www.cve.org/CVERecord?id=CVE-2023-27535

- https://www.cve.org/CVERecord?id=CVE-2023-27536

- https://www.cve.org/CVERecord?id=CVE-2023-27537

- https://www.cve.org/CVERecord?id=CVE-2023-27538

- https://www.cve.org/CVERecord?id=CVE-2023-28319

- https://www.cve.org/CVERecord?id=CVE-2023-28320

- https://www.cve.org/CVERecord?id=CVE-2023-28321

- https://www.cve.org/CVERecord?id=CVE-2023-28322

- https://www.cve.org/CVERecord?id=CVE-2023-38039

Resolution

SRPMS

- 8/core/curl-7.74.0-1.13.mga8

- 9/core/curl-7.88.1-3.1.mga9

Severity
critical

Publication date: 24 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0263.html
Type: security
CVE: CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039
