[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2382-1] curl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2382-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 26, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : curl
Version        : 7.52.1-5+deb9u12
CVE ID         : CVE-2020-8231


An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY, the wrong connection might be used when transfering data later.


For Debian 9 stretch, this problem has been fixed in version
7.52.1-5+deb9u12.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl9vXzFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEefKw//aPzN4SXwKyjBn+69YXRuioMZybwIdidKU5PVTG5k+34hIgzZgGkULCCj
6vvrigyrPd+6A7649hQsufp7OHugGufBH6bIoDD9ipXgfzbdAdQJeVWepdhMFl5c
1pWN4rXFFauI7rwtmrstcBbRQraol/Z5dygsZWn3oBSAY8zgO/RY4Zfngs9Uhz7A
9c0Y2ePCIxVYNiAOsM5qT22tN3/rOFymW+W6fYyWrQ1gC6iBwcLb7OCNL69fXT0r
GyYg24ML/3EIgSXyIc/TZ9+rkYUuTz4O9UzfGwvIGIUcEhh/GXyOXcPTt0Iy7VPk
6WBZeW2Z4TcZvr0cEuuWrJfKAupG8IZsR8ggwGNEpc38KVB/8/K4zhuCriTWCa16
zoIzbZsX/ux1PBoucVxfPJRaTJTg1j4ekUAh2A7HcAioyckbsA2cAS8cetq4lWDx
WX9ZEqnK4CjyzHhuTC9/ZBL9B7W6OamHI9+0wWRh7xWr6JQcWAL05mIeN4IVaySx
OKsbsiPiNdIqlig2H0IlKUkZ1yArBJvleFp78uUnWw70F5/CIO4p8VQ/Wq8R4qCH
aLl5fUKSe/Q9ziKj9TWuKHgXeYlg/nHF47ZdN71xqYJdwoKnpsX0JSWht2RXDXTW
bA5fHKFH+fZa+kLnhSAnmvasL68MIhKLfCTO1XzGmaP1AQ5fOOw=
=0t6E
-----END PGP SIGNATURE-----


Reply to: