USN-5891-1: curl vulnerabilities

Read Time:39 Second

Harry Sintonen discovered that curl incorrectly handled HSTS support
when multiple URLs are requested serially. A remote attacker could possibly
use this issue to cause curl to use unencrypted connections. This issue
only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23914)

Harry Sintonen discovered that curl incorrectly handled HSTS support
when multiple URLs are requested in parallel. A remote attacker could
possibly use this issue to cause curl to use unencrypted connections. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23915)

Patrick Monnerat discovered that curl incorrectly handled memory when
processing requests with multi-header compression. A remote attacker could
possibly use this issue to cause curl to consume resources, leading to a
denial of service. (CVE-2023-23916)

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack

Smashing Security podcast #413: Hacking the hackers… with a credit card?

CVE Program Almost Unfunded

Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack

China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses

pgbouncer-1.24.1-1.el9

pgbouncer-1.24.1-2.el8

pgbouncer-1.24.1-2.fc40

pgbouncer-1.24.1-2.fc42

pgbouncer-1.24.1-2.el10_1

pgbouncer-1.24.1-2.fc41