[SECURITY] [DLA 2734-1] curl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2734-1] curl security update
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 13 Aug 2021 07:32:15 +0300
Message-id: <[🔎] 20210813043215.GA3744@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2734-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
August 09, 2021                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : curl
Version        : 7.52.1-5+deb9u15
CVE ID         : CVE-2021-22898 CVE-2021-22924
Debian Bug     : 989228 991492

Several vulnerabilities were fixed in curl,
a client-side URL transfer library.

CVE-2021-22898

    Information disclosure in connection to telnet servers.

CVE-2021-22924

    Bad connection reuse due to flawed path name checks.

For Debian 9 stretch, these problems have been fixed in version
7.52.1-5+deb9u15.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmEV9c8ACgkQiNJCh6LY
mLFELQ/+OjSngsdTi3UaNHxt94qCdCUhfSCtiN5650n5do1kouZgMYPESuwxcCoc
b8w1nYwoABjYICY0H1ogDHSpi0svdEDqXlHVAVIQLRGt4Ms7uG60/mSOFWcDsEJM
7onA/bCwTL1bPSvBciA5ESbB+Me2Wf7WkyBjtR2UBTCno/mgqHPM/H1UIthir3Al
Z/mp1E1PvxknKAX3kGuRz61P8Qn8/2YGuEtuBjZ0L7OPNZcVyIdjR8ikeZZIduEG
XOdx04rF0maaSn8KPzFXMLrd7X04SA3/5RuTjLGiS0PRfMjfi8VwlIhe42h2f+mv
RtHyRaegGL/AO6eBN/H/LcbFfPKw0TSqRAP0MOh9wLSPx1/vu8icl4qLwUxAReQX
sm/qpI2RFJgHg6N6H0ksEwtkYwNqWrSZZ0Dc3aNsYb1plRcEppAV+qyiOgJyxSMJ
MH6GvWNxG1tsWESeNmHQ9bFHQ08uZTN7j3zd6Q5P/eGwwM/JiVaX+HI5GRY9rlO7
v5d/R4F7phtLBrJ6+dOWZP2xEY4l0TFktCflX9FI+X95QL7ilWs7YKoB765roW3c
dSx7xFs2qfd9PTETStOPYiqHRFUD4aqrIP8j/2IqFkWL7YP4ffx3N3tu/FfPK14G
zR+vFWXVlMkaZ6yFS2c4l5n6+VJY1h/VeLff/ivoXABOIzZpsKA=
=ZKWS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2741-1] commons-io security update
Next by Date: [SECURITY] [DLA 2742-1] ffmpeg security update
Previous by thread: [SECURITY] [DLA 2741-1] commons-io security update
Next by thread: [SECURITY] [DLA 2742-1] ffmpeg security update
Index(es):
- Date
- Thread