[SECURITY] [DSA 5330-1] curl security update

2023-01-2717:53:54

lists.debian.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.3%

JSON

Debian Security Advisory DSA-5330-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2023 https://www.debian.org/security/faq

Package : curl
CVE ID : CVE-2022-32221 CVE-2022-43552

Two vulnerabilities were discovered in Curl, an easy-to-use client-side
URL transfer library, which could result in denial of service or
information disclosure.

For the stable distribution (bullseye), these problems have been fixed in
version 7.74.0-1.3+deb11u5. This update also revises the fix for
CVE-2022-27774 released in DSA-5197-1.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10amd64libcurl3-gnutls< 7.64.0-4+deb10u4libcurl3-gnutls_7.64.0-4+deb10u4_amd64.deb
Debian11i386libcurl4-gnutls-dev< 7.74.0-1.3+deb11u5libcurl4-gnutls-dev_7.74.0-1.3+deb11u5_i386.deb
Debian11ppc64elcurl-dbgsym< 7.74.0-1.3+deb11u5curl-dbgsym_7.74.0-1.3+deb11u5_ppc64el.deb
Debian10i386libcurl4-gnutls-dev< 7.64.0-4+deb10u4libcurl4-gnutls-dev_7.64.0-4+deb10u4_i386.deb
Debian11s390xcurl< 7.74.0-1.3+deb11u5curl_7.74.0-1.3+deb11u5_s390x.deb
Debian10allcurl< 7.64.0-4+deb10u4curl_7.64.0-4+deb10u4_all.deb
Debian10armhfcurl< 7.64.0-4+deb10u4curl_7.64.0-4+deb10u4_armhf.deb
Debian11allcurl< 7.74.0-1.3+deb11u5curl_7.74.0-1.3+deb11u5_all.deb
Debian11s390xlibcurl4-gnutls-dev< 7.74.0-1.3+deb11u5libcurl4-gnutls-dev_7.74.0-1.3+deb11u5_s390x.deb
Debian11mipselcurl-dbgsym< 7.74.0-1.3+deb11u5curl-dbgsym_7.74.0-1.3+deb11u5_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	libcurl3-gnutls	< 7.64.0-4+deb10u4	libcurl3-gnutls_7.64.0-4+deb10u4_amd64.deb
Debian	11	i386	libcurl4-gnutls-dev	< 7.74.0-1.3+deb11u5	libcurl4-gnutls-dev_7.74.0-1.3+deb11u5_i386.deb
Debian	11	ppc64el	curl-dbgsym	< 7.74.0-1.3+deb11u5	curl-dbgsym_7.74.0-1.3+deb11u5_ppc64el.deb
Debian	10	i386	libcurl4-gnutls-dev	< 7.64.0-4+deb10u4	libcurl4-gnutls-dev_7.64.0-4+deb10u4_i386.deb
Debian	11	s390x	curl	< 7.74.0-1.3+deb11u5	curl_7.74.0-1.3+deb11u5_s390x.deb
Debian	10	all	curl	< 7.64.0-4+deb10u4	curl_7.64.0-4+deb10u4_all.deb
Debian	10	armhf	curl	< 7.64.0-4+deb10u4	curl_7.64.0-4+deb10u4_armhf.deb
Debian	11	all	curl	< 7.74.0-1.3+deb11u5	curl_7.74.0-1.3+deb11u5_all.deb
Debian	11	s390x	libcurl4-gnutls-dev	< 7.74.0-1.3+deb11u5	libcurl4-gnutls-dev_7.74.0-1.3+deb11u5_s390x.deb
Debian	11	mipsel	curl-dbgsym	< 7.74.0-1.3+deb11u5	curl-dbgsym_7.74.0-1.3+deb11u5_mipsel.deb