1. Forum
  2. Usenet
  3. COMP.SYS.TANDEM

  • ITUGLIB Update: Curl 7.79.0 Available - Critical Update

    From Randall@21:1/5 to All on Wed Sep 15 12:25:11 2021
    Hi Everyone,

    Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:

    * UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html * Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
    * STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Randall@21:1/5 to Randall on Wed Sep 22 12:57:29 2021
    On Wednesday, September 15, 2021 at 3:25:12 p.m. UTC-4, Randall wrote:
    Hi Everyone,

    Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:

    * UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
    * Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
    * STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    Quick update: 7.79.1 was released as a quick-fix today. The builds are now available on ITUGLIB.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)