ITUGLIB Update: Curl 7.88.0 Available

Discussion:

ITUGLIB Update: Curl 7.88.0 Available

(too old to reply)

Randall

2023-02-16 13:21:42 UTC

Hi Everyone,

Curl 7.88.0 is now available on the ITUGLIB website in the usual spot. The Change log for this release is at https://curl.se/changes.html#7_88_0 and contains fixes for the following CVEs:

* CVE-2023-23916: HTTP multi-header compression denial of service from 7.57.0 to 7.87.0
* CVE-2023-23915: HSTS amnesia with --parallel from 7.77.0 to 7.87.0
* CVE-2023-23914: HSTS ignored on multiple requests from 7.77.0 to 7.87.0

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Randall

2023-02-20 16:40:31 UTC

Post by Randall
Hi Everyone,
* CVE-2023-23916: HTTP multi-header compression denial of service from 7.57.0 to 7.87.0
* CVE-2023-23915: HSTS amnesia with --parallel from 7.77.0 to 7.87.0
* CVE-2023-23914: HSTS ignored on multiple requests from 7.77.0 to 7.87.0
Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

If you haven't already downloaded this, don't bother. An emergency fix is coming imminently (7.88.1). I will post in a separate when it is available - probably later today.

1 Reply
1 View
Permalink to this page
Disable enhanced parsing

Thread Navigation

Randall 2023-02-16 13:21:42 UTC

Randall 2023-02-20 16:40:31 UTC

about - legalese

Loading...