Debian DSA-2023-1 : curl - buffer overflow
Medium Nessus Plugin ID 45369
Synopsis
The remote Debian host is missing a security-related update.
Description
Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data.
Note that this only affects applications that trust libcurl's maximum limit for a fixed buffer size and do not perform any sanity checks themselves.
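The defensive pattern the note above calls for, as an added example (not Debian's or curl's code): a write callback with libcurl's CURLOPT_WRITEFUNCTION signature that sizes every copy against the space actually left in its fixed buffer instead of trusting any documented maximum chunk size, and refuses the chunk (libcurl aborts the transfer when the callback returns a value other than size*nmemb). The sink capacity and the chunks fed to it are constructed for the demo; no libcurl header is needed to run it.

```c
#include <stddef.h>
#include <string.h>

/* Constructed: a deliberately small fixed buffer, standing in for an
   application that reserves one fixed-size sink for decompressed data. */
#define SINK_CAPACITY 32

struct sink {
    char   data[SINK_CAPACITY];
    size_t used;
    int    overflow_refused;
};

/* libcurl write-callback signature. A return value different from
   size*nmemb makes libcurl abort the transfer, so an oversized chunk is
   rejected rather than copied past the end of the buffer. */
size_t safe_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct sink *s = (struct sink *)userdata;
    if (size != 0 && nmemb > (size_t)-1 / size)
        return 0;                       /* size*nmemb would wrap */
    size_t realsize = size * nmemb;
    if (realsize > SINK_CAPACITY - s->used) {
        s->overflow_refused = 1;        /* check per call, trust no max */
        return 0;
    }
    memcpy(s->data + s->used, ptr, realsize);
    s->used += realsize;
    return realsize;
}

/* Simulates libcurl delivering chunks (constructed inputs); stops at the
   first refused chunk as libcurl would. Returns bytes accepted. */
size_t feed_chunks(struct sink *s, const char *const *chunks,
                   const size_t *lens, size_t n)
{
    s->used = 0;
    s->overflow_refused = 0;
    for (size_t i = 0; i < n; i++)
        if (safe_write_cb((char *)chunks[i], 1, lens[i], s) != lens[i])
            break;
    return s->used;
}

/* Second chunk (e.g. inflated output) is larger than the whole buffer:
   the first 5 bytes are kept, the 64-byte chunk is refused. */
int demo_refuses_oversized_chunk(void)
{
    struct sink s;
    static char big[64];
    memset(big, 'A', sizeof big);
    const char *chunks[] = { "hello", big };
    size_t lens[] = { 5, sizeof big };
    return feed_chunks(&s, chunks, lens, 2) == 5 && s.overflow_refused;
}
```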
Solution
Upgrade the curl packages.
For the stable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny4.
Due to a problem with the archive software, we are unable to release all architectures simultaneously. Binaries for the hppa, ia64, mips, mipsel and s390 architectures will be provided once they are available.