Hello Curl Users,
Today, we have important information to share about recent developments that affect the safety and functionality of your systems. The Curl application, the workhorse for many programs on your computer, allowing seamless communication with the Internet, has recently been found to contain a potential security vulnerability, officially known as CVE-2023-38545.
This vulnerability, tied to how Curl handles extremely long hostnames in a SOCKS5 proxy handshake, can open the door to a "buffer overflow" scenario. In layman's terms, if the data Curl comes across exceeds the space initially dedicated to it, it can potentially harm the system.
Can you imagine the risks? Any software or applications on your system using Curl could inadvertently become a gateway for malicious attacks. These could be unauthorized access, manipulation of data, or other dangerous exploits.
Luckily, the fantastic team over at Curl has already developed a fix! They've released an update—version 8.4.0—to rectify this issue and prevent these potential attacks. Think of this update as reinforcing the locks on your house — ensuring maximum security against any unwelcome intrusions.
We cannot stress this enough: for the sake of good digital hygiene and to maintain a secure system, we strongly recommend you upgrade your curl application to the latest version.
As Curl users, let's all practice safety first: lock those digital doors and keep those potential intruders out! Update now and rest easy knowing your system is secure.
Read on to learn about other severe and impactful vulnerabilities recently discovered and fixed in your open-source programs and applications.
If you found today’s newsletter valuable, please share it with a fellow security geek! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, knowledgeable community members like you!
Stay safe out there,
CurlThe DiscoveryDistros continue to release updates for a severe heap-based buffer overflow flaw (CVE-2023-38545) found in the SOCKS5 proxy handshake in the Curl HTTP, HTTPS, and FTP client and client libraries. In layman's terms, if the data Curl comes across exceeds the space initially dedicated to it, it can potentially harm the system. This remotely exploitable security bug threatens impacted systems' confidentiality, integrity, and availability. |
PopplerThe DiscoveryUncontrolled Recursion has been discovered in pdfinfo and pdftops in version 0.89.0 of the Poppler PDF rendering library (CVE-2020-23804). This severe stack overflow vulnerability, which has received a National Vulnerability Database base score of 7.5 out of 10, significantly threatens the availability of impacted systems. |
ChromiumThe DiscoveryHave you updated to fix the vulnerabilities recently patched in Chromium? Distros are rolling out updates mitigating a severe, remotely exploitable Type Confusion vulnerability found in Chromium (CVE-2023-5346). Due to its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 8.8 out of 10 (“High” severity). Other significant security vulnerabilities have also been discovered in Chromium, including inappropriate implementation in Custom Tabs, Prompts, Input, Custom Mobile Tabs, Autofill, Intents, Picture in Picture, and Interstitials, and insufficient policy enforcement in Downloads. |
