If You Know You Use Curl, Update Now!

Source: The Register If You Know You Use Curl, Update Now!

This Internet Backbone App Needs A Real Adjustment

While everyone uses Curl on a daily basis, not everyone needs to interface with it directly.  If you are one of those who uses the ubiquitous command line data transfer tool you are going to want to update your version to Curl 8.4.0 as soon as you’ve backed up any containers that might become upset.  If you don’t use Curl, or are unsure what it is, don’t panic as you are not the one that needs to install the update.

The Curl team is not disclosing what the vulnerability is, but The Register offers some clues in their coverage.  The vulnerability is classed as high, indicating remote access or code execution is possible via an unpatched Curl install, and security researcher Ax Sharma’s comment that it targets “docker base images that aren’t receiving updates” gives an idea of the targets. 

The developers want to reassure everyone that this is not as bad as log4j, but the target app is one of the pillars the internet is built on and so we hope all the sysadmins out there will jump on this as soon as they can.

Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time."

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. PatrickFB

    There is a version of Curl now bundled in Windows. Right in system32 with everything else. it’s stuck several versions back :’-(

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!