AIX Open Source

Expand all | Collapse all

Curl - Security Advisory - Update to 7.79.0 needed

Jump to Best Answer
  • 1.  Curl - Security Advisory - Update to 7.79.0 needed

    Posted Thu September 16, 2021 03:39 AM

    Hi AIX OpenSource-Team,

    please update curl, because of the following security issues.

    AIX Toolbox Version: 7.76.1


    AFFECTED VERSIONS

    RECOMMENDATIONS
    A - Upgrade curl to version 7.79.0
    B - Apply the patch to your local version
    C - Do not use MQTT


    ---

    Curl Security Advisory 2021-09-14
    https://curl.se/docs/CVE-2021-22945.html

    Curl Security Advisory 2021-09-14
    https://curl.se/docs/CVE-2021-22946.html

    Curl Security Advisory 2021-09-14
    https://curl.se/docs/CVE-2021-22947.html

    ---



    ------------------------------
    Niklas
    System Engineer UNIX and Linux on Power
    ------------------------------


  • 2.  RE: Curl - Security Advisory - Update to 7.79.0 needed

    Posted Mon September 20, 2021 02:36 AM
    Hi Niklas,

    Thank you for reporting this.
    We will look into this.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 3.  RE: Curl - Security Advisory - Update to 7.79.0 needed

    Posted 23 days ago
    Edited by Niklas V. 23 days ago
    Hi Senket,

    is there an update? Secure operation is extremely important for our mission-critical AIX systems.

    ------------------------------
    Niklas
    System Engineer UNIX and Linux on Power
    ------------------------------




  • 4.  RE: Curl - Security Advisory - Update to 7.79.0 needed

    Posted 21 days ago
    We are working on building and testing latest curl.
    There are some process before publishing and it is taking time.
    Hope to publish the new curl in couple of weeks.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 5.  RE: Curl - Security Advisory - Update to 7.79.0 needed
    Best Answer

    Posted 18 days ago
    curl version 7.79.1 is uploaded on AIX toolbox. This version has fix for mentioned CVEs.
    Please find the new curl version at following location.
    https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/curl/?C=M;O=D

    ------------------------------
    SANKET RATHI
    ------------------------------