Author: Daniel Stenberg
Daniel Stenberg announced that curl 8.4.0, to be released on Wednesday, October 11th, fixes two security bugs: one rated serious and one less serious. The HIGH rated one is probably the worst curl security flaw in a long time.
The HIGH-rated bug has been labeled CVE-2023-38545 and affects the libcurl library as well as the curl command line tool. The second bug is marked as CVE-2023-38546 and only affects the library. The fixes do not require changes to the API or ABI.
No further details have been released; we don’t even know which versions are affected by the bug. “I can’t disclose any information about which version range is affected, as that would help identify the problem (area) with great precision. The ‘last few years’ versions are as specific as I can tell,” Stenberg explains. The developers of Linux distributions have the information and are working on a fix.
2023-10-11 08:16:51