USN-5964-1: curl vulnerabilities

Read Time:44 Second

Harry Sintonen discovered that curl incorrectly handled certain TELNET
connection options. Due to lack of proper input scrubbing, curl could pass
on user name and telnet options to the server as provided, contrary to
expectations. (CVE-2023-27533)

Harry Sintonen discovered that curl incorrectly handled special tilde
characters when used with SFTP paths. A remote attacker could possibly use
this issue to circumvent filtering. (CVE-2023-27534)

Harry Sintonen discovered that curl incorrectly reused certain FTP
connections. This could lead to the wrong credentials being reused,
contrary to expectations. (CVE-2023-27535)

Harry Sintonen discovered that curl incorrectly reused connections when the
GSS delegation option had been changed. This could lead to the option being
reused, contrary to expectations. (CVE-2023-27536)

Harry Sintonen discovered that curl incorrectly reused certain SSH
connections. This could lead to the wrong credentials being reused,
contrary to expectations. (CVE-2023-27538)

HellCat ransomware: what you need to know

Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware

Web 3.0 Requires Data Integrity

Sensitive Data Breached in Highline Schools Ransomware Incident

Over Half of Attacks on Electricity and Water Firms Are Destructive

Nearly 600 Phishing Domains Emerge Following Bybit Heist

CISO: Chief Cybersecurity Warrior Leader

Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers

Stripe API Skimming Campaign Unveils New Techniques for Theft

USN-7413-1: Linux kernel (IoT) vulnerabilities

USN-7406-4: Linux kernel (Azure FIPS) vulnerabilities

APPLE-SA-04-01-2025-1 watchOS 11.4

APPLE-SA-03-31-2025-11 visionOS 2.4

APPLE-SA-03-31-2025-10 tvOS 18.4

APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5