2023-10-11 10:20: Vulnerability in cURL - update to version 8.4.0

#vulnerability Serious vulnerabilities have been discovered in the cURL tool collection. An update to the new version 8.4.0 should be done immediately.

The tool collection cURL is used in many IT services and programs and is also called the "Swiss Army Knife for handling URLs".

Current vulnerabilities (CVE-2023-38545, CVE-2023-38546) are described by the cURL developer as the "worst security problem found in cURL for a long time" (see [1]).

Therefore, an immediate update to version 8.4.0 is indicated (see [2]).

Service operators must review the use of cURL and libcurl on their systems and update to version 8.4.0 accordingly.

References:

[1] https://www.heise.de/news/cURL-Infos-zu-schlimmster-Sicherheitsluecke-seit-Langem-kommen-am-11-Oktober-9326134.html

[2] https://curl.se/download.html

Status: 2023-10-11 (MH)