-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  curl (SSA:2021-202-02)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.78.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  CURLOPT_SSLCERT mixup with Secure Transport
  TELNET stack contents disclosure again
  Bad connection reuse due to flawed path name checks
  Metalink download sends credentials
  Wrong content via metalink not discarded
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22926
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22923
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22922
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.0 package:
36c0577e4fb5ec3916ca08723c02745d  curl-7.78.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
89bdac9fbe9219ff4feb03a2c879bea9  curl-7.78.0-x86_64-1_slack14.0.txz

Slackware 14.1 package:
b5fbcd000bf09c0a46d1ad6ff369f91a  curl-7.78.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
53d76579584b6ede3487d7f7eb915ba9  curl-7.78.0-x86_64-1_slack14.1.txz

Slackware 14.2 package:
91be99e064eda0e0f6099495ba21117d  curl-7.78.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
c99a8249e4b1b37dc01c17545d6346e3  curl-7.78.0-x86_64-1_slack14.2.txz

Slackware -current package:
305305032335ed9455dd253f331b43f7  n/curl-7.78.0-i586-1.txz

Slackware x86_64 -current package:
0cb3ee1ff68eac68483d529146a28b23  n/curl-7.78.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.78.0-i586-1_slack14.2.txz


+-----+

Slackware: 2021-202-02: curl Security Update

July 21, 2021
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.78.0-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: CURLOPT_SSLCERT mixup with Secure Transport TELNET stack contents disclosure again Bad connection reuse due to flawed path name checks Metalink download sends credentials Wrong content via metalink not discarded For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22926 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22923 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22922 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 36c0577e4fb5ec3916ca08723c02745d curl-7.78.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 89bdac9fbe9219ff4feb03a2c879bea9 curl-7.78.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: b5fbcd000bf09c0a46d1ad6ff369f91a curl-7.78.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 53d76579584b6ede3487d7f7eb915ba9 curl-7.78.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 91be99e064eda0e0f6099495ba21117d curl-7.78.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: c99a8249e4b1b37dc01c17545d6346e3 curl-7.78.0-x86_64-1_slack14.2.txz
Slackware -current package: 305305032335ed9455dd253f331b43f7 n/curl-7.78.0-i586-1.txz
Slackware x86_64 -current package: 0cb3ee1ff68eac68483d529146a28b23 n/curl-7.78.0-x86_64-1.txz

Severity
[slackware-security] curl (SSA:2021-202-02)
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg curl-7.78.0-i586-1_slack14.2.txz

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved