Discussion:
ITUGLIB Update: Curl 7.79.0 Available - Critical Update
Randall
2021-09-15 19:25:11 UTC
Hi Everyone,

Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0, is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:

* UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
* Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
* STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
Randall
2021-09-22 19:57:29 UTC
Post by Randall
Hi Everyone,
* UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
* Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
* STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
Quick update: 7.79.1 was released as a quick-fix today. The builds are now available on ITUGLIB.