Lucene search

DebianDEBIAN:DSA-5330-1:4423D

HistoryJan 27, 2023 - 5:54 p.m.

[SECURITY] [DSA 5330-1] curl security update

2023-01-2717:54:20

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.7%

JSON

Debian Security Advisory DSA-5330-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2023 https://www.debian.org/security/faq

Package : curl
CVE ID : CVE-2022-32221 CVE-2022-43552

Two vulnerabilities were discovered in Curl, an easy-to-use client-side
URL transfer library, which could result in denial of service or
information disclosure.

For the stable distribution (bullseye), these problems have been fixed in
version 7.74.0-1.3+deb11u5. This update also revises the fix for
CVE-2022-27774 released in DSA-5197-1.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11allcurl< 7.74.0-1.3+deb11u5curl_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl4-openssl-dev< 7.74.0-1.3+deb11u5libcurl4-openssl-dev_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl4-doc< 7.74.0-1.3+deb11u5libcurl4-doc_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl4-nss-dev< 7.74.0-1.3+deb11u5libcurl4-nss-dev_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl3-gnutls< 7.74.0-1.3+deb11u5libcurl3-gnutls_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl4-gnutls-dev< 7.74.0-1.3+deb11u5libcurl4-gnutls-dev_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl3-nss< 7.74.0-1.3+deb11u5libcurl3-nss_7.74.0-1.3+deb11u5_all.deb
Debian11alllibcurl4< 7.74.0-1.3+deb11u5libcurl4_7.74.0-1.3+deb11u5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	curl	< 7.74.0-1.3+deb11u5	curl_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl4-openssl-dev	< 7.74.0-1.3+deb11u5	libcurl4-openssl-dev_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl4-doc	< 7.74.0-1.3+deb11u5	libcurl4-doc_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl4-nss-dev	< 7.74.0-1.3+deb11u5	libcurl4-nss-dev_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl3-gnutls	< 7.74.0-1.3+deb11u5	libcurl3-gnutls_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl4-gnutls-dev	< 7.74.0-1.3+deb11u5	libcurl4-gnutls-dev_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl3-nss	< 7.74.0-1.3+deb11u5	libcurl3-nss_7.74.0-1.3+deb11u5_all.deb
Debian	11	all	libcurl4	< 7.74.0-1.3+deb11u5	libcurl4_7.74.0-1.3+deb11u5_all.deb