Fedora Linux 8784 Published by

Updated curl packages has been released for Fedora 39 to address two security issues:

Fedora 39 Update: curl-8.2.1-4.fc39




Fedora 39 Update: curl-8.2.1-4.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9de8973300
2023-12-10 01:35:41.293236
--------------------------------------------------------------------------------

Name : curl
Product : Fedora 39
Version : 8.2.1
Release : 4.fc39
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix HSTS long file name clears contents (CVE-2023-46219) - fix cookie mixed
case PSL bypass (CVE-2023-46218)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 6 2023 Jan Macku [jamacku@redhat.com] - 8.2.1-4
- fix HSTS long file name clears contents (CVE-2023-46219)
- fix cookie mixed case PSL bypass (CVE-2023-46218)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2252030 - CVE-2023-46218 curl: information disclosure by exploiting a mixed case flaw
https://bugzilla.redhat.com/show_bug.cgi?id=2252030
[ 2 ] Bug #2252034 - CVE-2023-46219 curl: excessively long file name may lead to unknown HSTS status
https://bugzilla.redhat.com/show_bug.cgi?id=2252034
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9de8973300' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--