Gentoo Linux Security Advisory 202310-12 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[28] Download^[29]

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202310-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: curl: Multiple Vulnerabilities
Date: October 11, 2023
Bugs: #887745, #894676, #902801, #906590, #910564, #914091, #915195
ID: 202310-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in curl, the worst of
which could result in arbitrary code execution.
Background
==========
A command line tool and library for transferring data with URLs.
Affected packages
=================
Package        Vulnerable    Unaffected
-------------  ------------  ------------
net-misc/curl  < 8.3.0-r2    >= 8.3.0-r2
Description
===========
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Note that the risk of remote code execution is limited to SOCKS usage.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-8.3.0-r2"
References
==========
[ 1 ] CVE-2022-43551
https://nvd.nist.gov/vuln/detail/CVE-2022-43551
[ 2 ] CVE-2022-43552
https://nvd.nist.gov/vuln/detail/CVE-2022-43552
[ 3 ] CVE-2023-23914
https://nvd.nist.gov/vuln/detail/CVE-2023-23914
[ 4 ] CVE-2023-23915
https://nvd.nist.gov/vuln/detail/CVE-2023-23915
[ 5 ] CVE-2023-23916
https://nvd.nist.gov/vuln/detail/CVE-2023-23916
[ 6 ] CVE-2023-27533
https://nvd.nist.gov/vuln/detail/CVE-2023-27533
[ 7 ] CVE-2023-27534
https://nvd.nist.gov/vuln/detail/CVE-2023-27534
[ 8 ] CVE-2023-27535
https://nvd.nist.gov/vuln/detail/CVE-2023-27535
[ 9 ] CVE-2023-27536
https://nvd.nist.gov/vuln/detail/CVE-2023-27536
[ 10 ] CVE-2023-27537
https://nvd.nist.gov/vuln/detail/CVE-2023-27537
[ 11 ] CVE-2023-27538
https://nvd.nist.gov/vuln/detail/CVE-2023-27538
[ 12 ] CVE-2023-28319
https://nvd.nist.gov/vuln/detail/CVE-2023-28319
[ 13 ] CVE-2023-28320
https://nvd.nist.gov/vuln/detail/CVE-2023-28320
[ 14 ] CVE-2023-28321
https://nvd.nist.gov/vuln/detail/CVE-2023-28321
[ 15 ] CVE-2023-28322
https://nvd.nist.gov/vuln/detail/CVE-2023-28322
[ 16 ] CVE-2023-32001
https://nvd.nist.gov/vuln/detail/CVE-2023-32001
[ 17 ] CVE-2023-38039
https://nvd.nist.gov/vuln/detail/CVE-2023-38039
[ 18 ] CVE-2023-38545
https://nvd.nist.gov/vuln/detail/CVE-2023-38545
[ 19 ] CVE-2023-38546
https://nvd.nist.gov/vuln/detail/CVE-2023-38546
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-12
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5

• Follow us on Twitter^[32]
• Follow us on Facebook^[33]
• Subscribe to an RSS Feed^[34]

File Tags

• ActiveX^[35] (932)
• Advisory^[36] (82,516)
• Arbitrary^[37] (16,326)
• BBS^[38] (2,859)
• Bypass^[39] (1,767)
• CGI^[40] (1,029)
• Code Execution^[41] (7,350)
• Conference^[42] (680)
• Cracker^[43] (843)
• CSRF^[44] (3,352)
• DoS^[45] (23,642)
• Encryption^[46] (2,372)
• Exploit^[47] (52,172)
• File Inclusion^[48] (4,231)
• File Upload^[49] (977)
• Firewall^[50] (821)
• Info Disclosure^[51] (2,798)
• Intrusion Detection^[52] (895)
• Java^[53] (3,054)
• JavaScript^[54] (870)
• Kernel^[55] (6,774)
• Local^[56] (14,527)
• Magazine^[57] (586)
• Overflow^[58] (12,788)
• Perl^[59] (1,423)
• PHP^[60] (5,156)
• Proof of Concept^[61] (2,345)
• Protocol^[62] (3,628)
• Python^[63] (1,546)
• Remote^[64] (30,934)
• Root^[65] (3,598)
• Rootkit^[66] (513)
• Ruby^[67] (612)
• Scanner^[68] (1,644)
• Security Tool^[69] (7,912)
• Shell^[70] (3,202)
• Shellcode^[71] (1,216)
• Sniffer^[72] (896)
• Spoof^[73] (2,213)
• SQL Injection^[74] (16,424)
• TCP^[75] (2,417)
• Trojan^[76] (687)
• UDP^[77] (896)
• Virus^[78] (666)
• Vulnerability^[79] (31,937)
• Web^[80] (9,738)
• Whitepaper^[81] (3,753)
• x86^[82] (965)
• XSS^[83] (18,014)
• Other^[84]

File Archives

• October 2023^[85]
• September 2023^[86]
• August 2023^[87]
• July 2023^[88]
• June 2023^[89]
• May 2023^[90]
• April 2023^[91]
• March 2023^[92]
• February 2023^[93]
• January 2023^[94]
• December 2022^[95]
• November 2022^[96]
• Older^[97]

Systems

• AIX^[98] (428)
• Apple^[99] (2,026)
• BSD^[100] (375)
• CentOS^[101] (57)
• Cisco^[102] (1,925)
• Debian^[103] (6,862)
• Fedora^[104] (1,692)
• FreeBSD^[105] (1,246)
• Gentoo^[106] (4,350)
• HPUX^[107] (879)
• iOS^[108] (358)
• iPhone^[109] (108)
• IRIX^[110] (220)
• Juniper^[111] (69)
• Linux^[112] (47,003)
• Mac OS X^[113] (691)
• Mandriva^[114] (3,105)
• NetBSD^[115] (256)
• OpenBSD^[116] (486)
• RedHat^[117] (14,016)
• Slackware^[118] (941)
• Solaris^[119] (1,610)
• SUSE^[120] (1,444)
• Ubuntu^[121] (8,984)
• UNIX^[122] (9,323)
• UnixWare^[123] (186)
• Windows^[124] (6,592)
• Other^[125]

© 2022 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/175074/glsa-202310-12.txt