Lucene search

K
debianDebianDEBIAN:DLA-3341-1:A6E5E
HistoryFeb 24, 2023 - 11:17 a.m.

[SECURITY] [DLA 3341-1] curl security update

2023-02-2411:17:04
lists.debian.org
64
debian
curl
security update
http multi-header compression
denial of service
debian 10 buster

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

53.4%


Debian LTS Advisory DLA-3341-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
February 24, 2023 https://wiki.debian.org/LTS


Package : curl
Version : 7.64.0-4+deb10u5
CVE ID : CVE-2023-23916
Debian Bug : 1031371

HTTP multi-header compression denial of service has been fixed in curl,
a command line tool and library for transferring data with URLs.

For Debian 10 buster, this problem has been fixed in version
7.64.0-4+deb10u5.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

53.4%