cURL has issued advisories today (February 15): https://curl.se/docs/CVE-2023-23914.html https://curl.se/docs/CVE-2023-23915.html https://curl.se/docs/CVE-2023-23916.html The issues are fixed upstream in 7.88.0. Stig-Ørjan has already updated Cauldron. Mageia 8 is also affected by CVE-2023-23916.
Assigning to Stig, but if this is not appropriate, CC'ing NicolasS who did the last CVE update.
CC: (none) => nicolas.salgueroAssignee: bugsquad => smelror
7.88.0 was sent to the build system for Cauldron earlier today.
(In reply to Stig-Ørjan Smelror from comment #2) > 7.88.0 was sent to the build system for Cauldron earlier today. Yes, already noted. Mageia 8 needs to be patched.
Suggested advisory: ======================== The updated packages fix a security vulnerability: HTTP multi-header compression denial of service. (CVE-2023-23916) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html ======================== Updated packages in core/updates_testing: ======================== curl-7.74.0-1.11.mga8 curl-examples-7.74.0-1.11.mga8 lib(64)curl4-7.74.0-1.11.mga8 lib(64)curl-devel-7.74.0-1.11.mga8 from SRPM: curl-7.74.0-1.11.mga8.src.rpm
Status: NEW => ASSIGNEDCVE: (none) => CVE-2023-23916Assignee: smelror => qa-bugs
As in bug 31306 rebooted, wifi is OK and checked settingsn in Netwerk Center: all OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
mga8 -64, plasma, nvidia-current, intel i7, Swedish Updated existing packages to: - curl-7.74.0-1.11.mga8.x86_64 - lib64curl-devel-7.74.0-1.11.mga8.x86_64 - lib64curl4-7.74.0-1.11.mga8.x86_64 rebooted. downloaded a file from internet OK Due to Bug 24362 - Change default package downloader to wget *I* am *not* testing it for updates use
CC: (none) => fri
Validating. Advisory in comment 4.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0054.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED