If You Know You Use Curl, Update Now!
This Internet Backbone App Needs A Real Adjustment
While everyone uses Curl on a daily basis, not everyone needs to interface with it directly. If you are one of those who use the ubiquitous command-line data transfer tool, you are going to want to update to Curl 8.4.0 as soon as you’ve backed up any containers that might become upset. If you don’t use Curl, or are unsure what it is, don’t panic, as you are not the one who needs to install the update.
The Curl team is not disclosing what the vulnerability is, but The Register offers some clues in its coverage. The vulnerability is classed as high, indicating remote access or code execution is possible via an unpatched Curl install, and security researcher Ax Sharma’s comment that it targets “docker base images that aren’t receiving updates” gives an idea of the targets.
The developers want to reassure everyone that this is not as bad as log4j, but the target app is one of the pillars the internet is built on, so we hope all the sysadmins out there will jump on this as soon as they can.
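A quick way to check a host or container image against the 8.4.0 release named above, as an added example that is not from the original post: it parses the first line of `curl --version` and reports the command-line tool and the libcurl library separately, since the two can differ. The function names and the sample banners are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): report whether the curl tool and the
# libcurl it is linked against are older than 8.4.0. Names are hypothetical.
FIXED="8.4.0"

# version_lt A B: succeed when dotted version A is numerically lower than B.
version_lt() {
    a="$1.0.0"; b="$2.0.0"; i=1      # pad so "8.4" compares like "8.4.0"
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1                          # equal is not "lower"
}

# status VERSION: print OK, OLD, or UNKNOWN when nothing was parsed.
status() {
    if [ -z "$1" ]; then echo UNKNOWN
    elif version_lt "$1" "$FIXED"; then echo OLD
    else echo OK
    fi
}

# check_banner LINE: LINE is the first line of `curl --version`.
check_banner() {
    tool=$(printf '%s\n' "$1" | sed -n 's|^curl \([0-9][0-9.]*\).*|\1|p')
    lib=$(printf '%s\n' "$1" | sed -n 's|.* libcurl/\([0-9][0-9.]*\).*|\1|p')
    echo "curl=${tool:-?}:$(status "$tool") libcurl=${lib:-?}:$(status "$lib")"
}

# Constructed sample banners: old build, fixed build, new tool on old library.
for banner in \
    'curl 8.1.2 (x86_64-pc-linux-gnu) libcurl/8.1.2 OpenSSL/3.0.9' \
    'curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.1.3' \
    'curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/7.88.1 OpenSSL/3.0.9'
do
    check_banner "$banner"
done

# The locally installed binary, if there is one.
if command -v curl >/dev/null 2>&1; then
    check_banner "$(curl --version | head -n 1)"
fi
```

Distribution packages often backport fixes without changing the upstream version number, so treat OLD as a prompt to check the vendor's advisory rather than as proof the build is unpatched.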
Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time."
There is a version of Curl now bundled in Windows. Right in system32 with everything else. It’s stuck several versions back :’-(