Updated curl packages fix security vulnerability
Publication date: 24 Sep 2023Modification date: 24 Sep 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-27533 , CVE-2023-27534 , CVE-2023-27535 , CVE-2023-27536 , CVE-2023-27537 , CVE-2023-27538 , CVE-2023-28319 , CVE-2023-28320 , CVE-2023-28321 , CVE-2023-28322 , CVE-2023-38039
Description
TELNET option IAC injection. (CVE-2023-27533)
SFTP path ~ resolving discrepancy. (CVE-2023-27534)
FTP too eager connection reuse. (CVE-2023-27535)
GSS delegation too eager connection re-use. (CVE-2023-27536)
HSTS double free. (CVE-2023-27537)
SSH connection too eager reuse still. (CVE-2023-27538)
UAF in SSH sha256 fingerprint check. (CVE-2023-28319)
siglongjmp race condition. (CVE-2023-28320)
IDN wildcard match. (CVE-2023-28321)
more POST-after-PUT confusion. (CVE-2023-28322)
HTTP headers eat all memory. (CVE-2023-38039)
References
- https://bugs.mageia.org/show_bug.cgi?id=31703
- https://curl.se/docs/CVE-2023-27533.html
- https://curl.se/docs/CVE-2023-27534.html
- https://curl.se/docs/CVE-2023-27535.html
- https://curl.se/docs/CVE-2023-27536.html
- https://curl.se/docs/CVE-2023-27537.html
- https://curl.se/docs/CVE-2023-27538.html
- https://ubuntu.com/security/notices/USN-5964-1
- https://curl.se/docs/CVE-2023-28319.html
- https://curl.se/docs/CVE-2023-28320.html
- https://curl.se/docs/CVE-2023-28321.html
- https://curl.se/docs/CVE-2023-28322.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014913.html
- https://curl.se/docs/CVE-2023-32001.html
- https://curl.se/docs/CVE-2023-38039.html
- https://ubuntu.com/security/notices/USN-6363-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27537
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039
SRPMS
8/core
- curl-7.74.0-1.13.mga8
9/core
- curl-7.88.1-3.1.mga9