Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool: CVE-2023-38545 Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake. CVE-2023-38546 It was discovered that under some circumstances libcurl was susceptible to cookie injection. For the oldstable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u10. For the stable distribution (bookworm), these problems have been fixed in version 7.88.1-10+deb12u4. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool:
Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake.
It was discovered that under some circumstances libcurl was susceptible to cookie injection.
For the oldstable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u10.
For the stable distribution (bookworm), these problems have been fixed in version 7.88.1-10+deb12u4.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl