4 matches found
CLSA-2023-1681491763 curl: Fix of 3 CVEs
CVE-2023-27533: prevent TELNET option from IAC injection - CVE-2023-27535: fix behavior when FTP too eager connection reuse - CVE-2023-27536: do not reuse connections with different GSS delegations...
CLSA-2023-1681491348 Fix CVE(s): CVE-2023-27536, CVE-2023-27535, CVE-2023-27533
SECURITY UPDATE: Telnet option IAC injection - debian/patches/CVE-2023-27533.patch: only accept option arguments in ascii to avoid embedded telnet negotiation commands - CVE-2023-27533 SECURITY UPDATE: FTP too eager connection reuse - debian/patches/CVE-2023-27535.patch: add more conditions for...
DEBIAN-CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
AZL-38512 CVE-2023-27535 affecting package tensorflow for versions less than 2.16.1-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...