Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.

#Power

View Only

Back to discussions

Expand all | Collapse all

Security Advisory Curl - Update to 8.4.0 or higher needed

1. Security Advisory Curl - Update to 8.4.0 or higher needed

Like
Tobias Schröer
Posted Fri October 06, 2023 03:00 AM

Reply
Hi AIX OpenSource-Team,

please update curl, because of various security issues:

AFFECTED VERSIONS:
curl < 8.4.0

AIX-Toolbox:
8.2.1

CVE:

CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)

CVE-2023-38546: severity LOW (affects libcurl only, not the tool)

Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026 · GitHub

------------------------------
Tobias Schröer
------------------------------

#AIXOpenSource
2. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

Like
SANGAMESH MALLAYYA
Posted Fri October 06, 2023 08:12 AM

Reply
Hi Tobias,

Thanks for the info.

We will update to latest available version soon.

------------------------------
SANGAMESH
------------------------------

Original Message
3. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

Like
Subba Reddy Reddem
Posted Thu October 12, 2023 11:34 PM

Reply
Hi Tobias,

For CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool) vulnerability if we upgrade curl version to 8.2.1 will it resolve this vulnerability.There is no 8.4.0 package in toolbox and for only curl package is present how can we get libcurl package also.

Can you please reply on priority.

Regards,

Subba Reddem

------------------------------
Subba Reddy Reddem
------------------------------

Original Message
4. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

Like
Jan Harris
Posted Thu October 26, 2023 08:08 PM

Reply
curl-8.4.0-1.aix7.1.ppc.rpm is available on the toolbox.

------------------------------
Jan Harris
AIX Development Support (Liaison to the AIX Toolbox for Open Source)
IBM (Contract)
Austin TX
------------------------------

Original Message

Open Source Development

Power Open Source Development

Security Advisory Curl - Update to 8.4.0 or higher needed

Tobias SchröerFri October 06, 2023 03:00 AM

SANGAMESH MALLAYYAFri October 06, 2023 08:12 AM

Subba Reddy ReddemThu October 12, 2023 11:34 PM

Jan HarrisThu October 26, 2023 08:08 PM

1. Security Advisory Curl - Update to 8.4.0 or higher needed

2. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

3. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

4. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

Additional
Resources

Office

Quick Links

Open Source Development

Power Open Source Development

Security Advisory Curl - Update to 8.4.0 or higher needed

Tobias SchröerFri October 06, 2023 03:00 AM

SANGAMESH MALLAYYAFri October 06, 2023 08:12 AM

Subba Reddy ReddemThu October 12, 2023 11:34 PM

Jan HarrisThu October 26, 2023 08:08 PM

1. Security Advisory Curl - Update to 8.4.0 or higher needed

2. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

3. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

4. RE: Security Advisory Curl - Update to 8.4.0 or higher needed

Related Content

High severity vulnerability found in libcurl and curl

Security Advisory Curl - Update to 8.11.1 or higher needed

VIM CVE-2021-3875 - Security Advisory - Update to 8.2.3489 needed

Security Advisory curl - Update to 8.16.0 or higher needed

AIX Open Source Support Tips - Analyzing module loading errors

Additional Resources

Office

Quick Links

Additional
Resources