Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Slackware 15.0: SSA:2023-284-01 High Risk: Curl Buffer Overflow

slackware
Calendar Grey October 11, 2023
Dist Slackware Esm H88
Latest curl updates released for Slackware to fix vulnerabilities such as memory corruption and session hijacking.
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.4.0-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Cookie injection with none file. SOCKS5 heap buffer overflow. For more information, see: https://curl.se/docs/CVE-2023-38546.html https://curl.se/docs/CVE-2023-38545.html https://www.cve.org/CVERecord?id=CVE-2023-38546 https://www.cve.org/CVERecord?id=CVE-2023-38545 (* Security fix *)

Topics%20covered

Topics Covered

security advisory buffer overflow slackware upgrade curl high risk cookie injection

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-8.4.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-8.4.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-8.4.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-8.4.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-8.4.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2...

Read the Full Advisory

MD5 Signatures

Slackware 14.0 package: c5856271ee53ae936025066c04c4e663 curl-8.4.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 5ab9ada8dbb82d5cb3872a2a6ed9a4f9 curl-8.4.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9c1ca359acd95360e49ba2a3e8f843a5 curl-8.4.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 411339a27545d4c752c78516bd9a797e curl-8.4.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 3a5bc572fab74a0cf05187ec910cc791 curl-8.4.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: eab3e2d3188c1c46ae1c0e227f3f8504 curl-8.4.0-x86_64-1_slack14.2.txz
Slackware 15.0 package: 57fb9f6743088f715c6d361b582e1fe8 curl-8.4.0-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 7f8d884a6bbfa716996f251e799a6ff9 curl-8.4.0-x86_64-1_slack15.0.txz
Slackware -current package: 0e62f805dd963a9f375b6368f46e30ae n/curl-8.4.0-i586-1.txz
Slackware x86_64 -current package: d31b1d73ebde626b7a2ae6c2213d3d6c n/curl-8.4.0-x86_64-1.txz

Topics%20covered

Topics Covered

security advisory buffer overflow slackware upgrade curl high risk cookie injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg curl-8.4.0-i586-1_slack15.0.txz

Related News

Your message here