Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-02-11 08:48:30 +01:00
Code Issues Projects Releases Packages Wiki Activity
slackware-current/patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt
Patrick J Volkerding b9cb99a88e Wed Jul 19 20:36:46 UTC 2023 
patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  fopen race condition.
  For more information, see:
    https://curl.se/docs/CVE-2023-32001.html
    https://www.cve.org/CVERecord?id=CVE-2023-32001
  (* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
  execution relating to PKCS#11 providers.
  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
  execution via a forwarded agent socket if the following conditions are met:
  * Exploitation requires the presence of specific libraries on the victim
    system.
  * Remote exploitation requires that the agent was forwarded to an
    attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an empty
  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
  contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable by the
  Qualys Security Advisory team.
  Potentially-incompatible changes:
  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
  issued by remote clients by default. A flag has been added to restore the
  previous behaviour: "-Oallow-remote-pkcs11".
  For more information, see:
    https://www.openssh.com/txt/release-9.3p2
    https://www.cve.org/CVERecord?id=CVE-2023-38408
  (* Security fix *)
2023-07-21 13:30:33 +02:00

11 lines
552 B
Text
Raw Blame History

curl: curl (command line URL data transfer tool)
curl:
curl: Curl is a command line tool for transferring data specified with URL
curl: syntax. The command is designed to work without user interaction or
curl: any kind of interactivity. Curl offers a busload of useful tricks
curl: like proxy support, user authentication, ftp upload, HTTP post, SSL
curl: (https:) connections, cookies, file transfer resume and more.
curl:
curl: libcurl is a library that Curl uses to do its job. It is readily
curl: available to be used by your software, too.
curl:
Reference in a new issue View git blame Copy permalink