Red Hat Security Advisory 2024-1129-03 - An update for curl is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
f2c74eb6648115701a1cab86282a4e0339dc9ed69a0324caf51dd6902fa56d93
Ubuntu Security Notice 6641-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains.
a7d9ffd24a024ab8781ee9e6e2b5c442a80ad8acaf458870a637f085aae82d59
Red Hat Security Advisory 2024-0452-03 - An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.
59e2662368262e84ce86198718c9a8669a00a1a3d43ce9d6de4d7098796c8675
Red Hat Security Advisory 2024-0434-03 - An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an information leakage vulnerability.
ec5af5d3212b1ca5fd551d60a576acdfcd0d90c882689828958fbd224a48ae9d
Debian Linux Security Advisory 5587-1 - Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk.
ee8b5da3ccedc4ad611c77989a7b82094859da7f9354c5d153f42704a855a11a
Ubuntu Security Notice 6535-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
ca215c083aa04234eeac9747474bc5e11097cdc295d4a17e21b08c44522bcfd5