curl-8.4.0-1.aix7.1.ppc.rpm is available on the toolbox.
------------------------------
Jan Harris
AIX Development Support (Liaison to the AIX Toolbox for Open Source)
IBM (Contract)
Austin TX
------------------------------
Original Message:
Sent: Thu October 12, 2023 11:33 PM
From: Subba Reddy Reddem
Subject: Security Advisory Curl - Update to 8.4.0 or higher needed
Hi Tobias,
For CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool) vulnerability if we upgrade curl version to 8.2.1 will it resolve this vulnerability.There is no 8.4.0 package in toolbox and for only curl package is present how can we get libcurl package also.
Can you please reply on priority.
Regards,
Subba Reddem
------------------------------
Subba Reddy Reddem
Original Message:
Sent: Fri October 06, 2023 02:59 AM
From: Tobias Schröer
Subject: Security Advisory Curl - Update to 8.4.0 or higher needed
Hi AIX OpenSource-Team,
please update curl, because of various security issues:
AFFECTED VERSIONS:
curl < 8.4.0
AIX-Toolbox:
8.2.1
CVE:
CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)
CVE-2023-38546: severity LOW (affects libcurl only, not the tool)
Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026 · GitHub
------------------------------
Tobias Schröer
------------------------------