[SECURITY] [DSA 5365-1] curl security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5365-1] curl security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 27 Feb 2023 22:00:09 +0000
Message-id: <Y/0n6esD0lVHMNU9@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5365-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 27, 2023                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : curl
CVE ID         : CVE-2023-23916

Patrick Monnerat discovered that Curl's support for "chained" HTTP
compression algorithms was susceptible to denial of service.

For the stable distribution (bullseye), this problem has been fixed in
version 7.74.0-1.3+deb11u7. This update also fixes a regression in
the previously released fix for CVE-2022-27774.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmP9Il4ACgkQEMKTtsN8
TjZKEA//cK64gwXlsdkBMurkfaS4XVzPfAIPoR3b9Zun57OnO79Hb+Lubj23iva0
PpnHi5cyLDRC4RkQrICAygGGZkqBg0s5kA2aNv6sNF4CrF01cDHi5xbeb8SIb3K2
S6n/UOXST1zWlPjPsewoe+ct1dC53+24pelwVWNB8fRdvnbD49XQQ7eI8hZAWJpt
ebFXkfi7xOPrSgHJdOyHAjJK3qySqfOgfbBY3qy650Po3SHS+YAqztRl+/TQf/Al
fonzIypIHpcTDUyzJ9qBfLTUbui0HgjiaQbepp42+mUb/ajtbSlVHf+a+MXUm2Vr
5kE7SDdoXTQDHkdiuo0SFpxOhhGG3BV7RecX+4tKnfTP5ADr2MZ0XnVq5RJ6y9eL
1JOTxdFBPIIjzIpdCN2NrQdSXEk9faZv6L3HXoUA92rtXaxdqYD0UkNsOBYjBtJT
4TZOS3br3bsYUxveFGeJsHA0DTcv+k6NtHxE9XyTvPwjPZyAgck35K+4zPZkQxO1
fHGWXVCODsPm6g/TzPP1GrBzuLGS9fbhAF2+cVQkSPoO8eS7salDkR4k7HCshNuY
5qhLi5PQCTrlIhOfOueRoBj0dYtR96WePh8K6mQ1gA/KtQ+n/Ps+Obpnv75cdOF8
K03rqj/CFODZ/IqinIUr+8b+Pt50kTenU4Z6pacqleEz4WcVePc=
=7ySA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5364-1] apr-util security update
Next by Date: [SECURITY] [DSA 5366-1] multipath-tools security update
Previous by thread: [SECURITY] [DSA 5364-1] apr-util security update
Next by thread: [SECURITY] [DSA 5366-1] multipath-tools security update
Index(es):
- Date
- Thread