[SECURITY] [DSA 5523-1] curl security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5523-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 11, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2023-38545 CVE-2023-38546
Two security issues were found in Curl, an easy-to-use client-side URL
transfer library and command line tool:
CVE-2023-38545
Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake.
CVE-2023-38546
It was discovered that under some circumstances libcurl was
susceptible to cookie injection.
For the oldstable distribution (bullseye), these problems have been fixed
in version 7.74.0-1.3+deb11u10.
For the stable distribution (bookworm), these problems have been fixed in
version 7.88.1-10+deb12u4.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
A curl security update has been released for Debian GNU/Linux 11 and 12 to address two security issues.
