Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Slackware 15.0: SSA:2023-079-01 Critical: Curl Security Issue

slackware
Calendar Grey March 20, 2023
Dist Slackware Esm H88
Recent curl updates for Slackware address various vulnerabilities such as SSH session reuse, HSTS double free errors, among others. Please upgrade without delay!
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.0.1-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: SSH connection too eager reuse still. HSTS double-free. GSS delegation too eager connection re-use. FTP too eager connection reuse. SFTP path ~ resolving discrepancy. TELNET option IAC injection. For more information, see: https://curl.se/docs/CVE-2023-27538.html https://curl.se/docs/CVE-2023-27537.html https://curl.se/docs/CVE-2023-27536.html https://curl.se/docs/CVE-2023-27535.html https://curl.se/docs/CVE-2023-27534.html https://curl.se/docs/CVE-2023-27533.html https://www.cve.org/CVERecord?id=CVE-2023-27538 https://www.cve.org/CVERecord?id=CVE-2023-27537 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://www.cve.org/CVERecord?id=CVE-2023-27533 (* Security fix *)

Topics%20covered

Topics Covered

security advisory security issue update Slackware SSH curl HSTS

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: c2cf29f94cc2912378e25259f9c3510c curl-8.0.1-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: c20b8766ac841a8c4adecdf899b176a0 curl-8.0.1-x86_64-1_slack14.0.txz
Slackware 14.1 package: aa8f7bb788213d3294cdb228f5473d86 curl-8.0.1-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: d9e6f5ba0c633d8e9f851a47ce31afcb curl-8.0.1-x86_64-1_slack14.1.txz
Slackware 14.2 package: b6074e12672fc76f78ca39812afa9ff6 curl-8.0.1-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 66ea85ff1e36332ca1e898168484acd1 curl-8.0.1-x86_64-1_slack14.2.txz
Slackware 15.0 package: 248b6591ca1b8de8f63e8101a609be4b curl-8.0.1-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: b44ec3d1a5e70c35cf160657e02a8a7c curl-8.0.1-x86_64-1_slack15.0.txz
Slackware -current package: c5ab165fb9f71a7a0e9da4be0c6a7a27 n/curl-8.0.1-i586-1.txz
Slackware x86_64 -current package: caf4f2f1cef362774ab17b5026ae392c n/curl-8.0.1-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue update Slackware SSH curl HSTS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg curl-8.0.1-i586-1_slack15.0.txz

Your message here