
[SECURITY] [DLA 2295-1] curl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2295-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 28, 2020                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : curl
Version        : 7.52.1-5+deb9u11
CVE ID         : CVE-2020-8177


A vulnerability was found in curl, a command line tool for transferring
data with URL syntax.

When using -J (--remote-header-name) and -i (--include) in
the same command line, a malicious server could force curl to overwrite
the contents of local files with incoming HTTP headers.


For Debian 9 stretch, this problem has been fixed in version
7.52.1-5+deb9u11.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
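
The advisory above concerns curl command lines that pass both -J and -i. The following Python audit helper is an added example, not part of the Debian advisory or of curl; it flags script lines that combine the two options so they can be reviewed until the fixed package is installed. The function names, the sample lines and the list of value-taking short options are assumptions made for this illustration.

```python
import shlex

# Short curl options that take a value (assumed subset, enough for this audit).
# In a cluster such as -oJi the remainder ("Ji") is the value, not more flags.
SHORT_WITH_ARG = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")
OPERATORS = set("|&;()")  # shell operators that end curl's argument list

def curl_flags(command):
    """Return which of 'J' (-J) and 'i' (-i) one shell command passes to curl."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:  # unbalanced quotes: not parseable as one command
        return set()
    names = [t.rsplit("/", 1)[-1] for t in tokens]
    if "curl" not in names:
        return set()
    found, skip = set(), False
    for tok in tokens[names.index("curl") + 1:]:
        if skip:  # this token is the value of the previous option
            skip = False
        elif tok and set(tok) <= OPERATORS:
            break
        elif tok == "--remote-header-name":
            found.add("J")
        elif tok == "--include":
            found.add("i")
        elif tok.startswith("-") and not tok.startswith("--"):
            for pos, ch in enumerate(tok[1:], start=1):
                if ch in SHORT_WITH_ARG:
                    skip = pos == len(tok) - 1  # value is the next token
                    break
                if ch in "Ji":
                    found.add(ch)
    return found

def risky_lines(lines):
    """1-based numbers of lines that combine -J and -i in one curl call."""
    return [n for n, line in enumerate(lines, 1) if curl_flags(line) == {"J", "i"}]

# Constructed sample script lines (example.invalid is a placeholder host).
SAMPLE = [
    "curl -OJi https://example.invalid/report",
    "curl -oJi https://example.invalid/report",
    "/usr/bin/curl -sSL -O --remote-header-name --include 'https://example.invalid/a?b=1&c=2'",
    "curl -OJ -H '-i' https://example.invalid/report | grep -i ok",
]

if __name__ == "__main__":
    print(risky_lines(SAMPLE))
```

The helper parses one command per line and does not follow shell variables, aliases or curl config files (-K), so a clean result is not proof that no script uses the combination.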