Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Slackware 14.0-15.0: 2022-131-01 Critical: Curl Package Security Update

slackware
Calendar Grey May 11, 2022
Dist Slackware Esm H88
Update the curl packages on Slackware 14.0, 14.1, 14.2, and 15.0 to enhance security and fix vulnerabilities that could be exploited by attackers
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.83.1-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via trailing dot. TLS and SSH connection too eager reuse. CERTINFO never-ending busy-loop. percent-encoded path separator in URL host. cookie for trailing dot TLD. curl removes wrong file on error. For more information, see: https://curl.se/docs/CVE-2022-30115.html https://curl.se/docs/CVE-2022-27782.html https://curl.se/docs/CVE-2022-27781.html https://curl.se/docs/CVE-2022-27780.html https://curl.se/docs/CVE-2022-27779.html https://curl.se/docs/CVE-2022-27778.html https://www.cve.org/CVERecord?id=CVE-2022-30115 https://www.cve.org/CVERecord?id=CVE-2022-27782 https://www.cve.org/CVERecord?id=CVE-2022-27781 https://www.cve.org/CVERecord?id=CVE-2022-27780 https://www.cve.org/CVERecord?id=CVE-2022-27779 https://www.cve.org/CVERecord?id=CVE-2022-27778 (*

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical security fix slackware curl package HSTS bypass TLS connector issue

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 093b1aaa62e80b753f79f298820eb970 curl-7.83.1-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 540fc8583ce1617fbbf2b7bd87e7f5d7 curl-7.83.1-x86_64-1_slack14.0.txz
Slackware 14.1 package: e3d20fe8c0190a82981224f075822e32 curl-7.83.1-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 87c5ab624b952dba8fe3c62bcc8fdf10 curl-7.83.1-x86_64-1_slack14.1.txz
Slackware 14.2 package: 0b4cf4fc0e0f57e02f22c8a30fa0384c curl-7.83.1-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: e2638431fcac5507df0cb6a0614d93c9 curl-7.83.1-x86_64-1_slack14.2.txz
Slackware 15.0 package: e07b502afff2e25b6f0a6d1a4c68b06a curl-7.83.1-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 049b7cf2c1d0919b8a3e33e0e4f3a621 curl-7.83.1-x86_64-1_slack15.0.txz
Slackware -current package: 9d1f293fe16a76941ba87c4871f0d9b3 n/curl-7.83.1-i586-1.txz
Slackware x86_64 -current package: cf525df94dc3f2e566ed1bb5565c6c75 n/curl-7.83.1-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical security fix slackware curl package HSTS bypass TLS connector issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg curl-7.83.1-i586-1_slack15.0.txz

Related News

Your message here