12 matches found
curl: Public-suffix cookie injection when libpsl is disabled
Summary: When libcurl is built without libpsl, Domain attribute validation accepts public suffixes like .co.uk, allowing a malicious host to plant cookies that are later sent to unrelated sibling domains using the same cookie jar. AI assistance was used to draft this report. Steps to Reproduce: 1...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-558)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-558 advisory. This update enables libpsl support in curl, which adds protection against domain spanning super cookies as described in section 5.3 of RFC 6265. Tenable has extracted the preceding description block...
Low: curl
Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265. Affected Packages: curl Issue Correction: Run dnf update curl --releasever 2023.3.20240304 to update your system. New Packages: aarch6...
Low: curl
Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265. Affected Packages: curl Issue Correction: Run dnf update curl --releasever 2023.3.20240304 or dnf update --advisory ALAS2023-2024-558...
Low: curl
Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265. Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
Low: curl
Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265. Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
new packages: libpsl
An update is available for libpsl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
libpsl bug fix and enhancement update
An update is available for libpsl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
ALEA-2020:4555 libpsl bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
libpsl bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
libpsl: Stack-buffer-overflow in _psl_idna_toASCII
Project: https://github.com/rockdaboot/libpsl.git Detailed report: https://oss-fuzz.com/testcase?key=5165632150568960 Project: libpsl Fuzzer: libFuzzerlibpsliculoadfuzzer Fuzz target binary: libpsliculoadfuzzer Job Type: libfuzzerasanlibpsl Platform Id: linux Crash Type: Stack-buffer-overflow REA...
libpsl: Heap-buffer-overflow in idn2_lookup_u8
Project: https://github.com/rockdaboot/libpsl.git Detailed report: https://oss-fuzz.com/testcase?key=5914812372484096 Project: libpsl Fuzzer: afllibpslloadfuzzer Fuzz target binary: libpslloadfuzzer Job Type: aflasanlibpsl Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address:...