Debian 10226 Published by

A curl security update has been released for Debian GNU/Linux 10 to address a rare issue when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY.



ELA-284-1 curl security update


Package curl
Version 7.38.0-4+deb8u18
Related CVEs CVE-2020-8231
An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY, the wrong connection might be used when transfering data later.

For Debian 8 jessie, these problems have been fixed in version 7.38.0-4+deb8u18.

We recommend that you upgrade your curl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-284-1 curl security update