taaz@biglemmowski.win to

Linux@lemmy.mlEnglish · 1 year ago

Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 (CVE-2023-38545) · curl/curl · Discussion #12026

157

Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 (CVE-2023-38545) · curl/curl · Discussion #12026

taaz@biglemmowski.win to

Linux@lemmy.mlEnglish · 1 year ago

Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...

cross-posted from: https://biglemmowski.win/post/224873

Posted on twitter by Curl author Daniel Stenberg - https://nitter.cz/bagder/status/1709103920914526525

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including a fix for a severity HIGH CVE. Buckle up.

… But this time actually the worst security problem found in curl in a long time

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

Chat

taaz@biglemmowski.winOP
link
fedilink
English
arrow-up
2·
edit-2
1 year ago
To top it of it seems it’s also contained in libcurl, and getting RCEd just by doing a request does not sound fun.

Linux@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@lemmy.ml

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

975 users / day
4.54K users / week
8.38K users / month
12.3K users / 6 months
10 local subscribers
48K subscribers
4.88K Posts
115K Comments
Modlog