{"id":"MGASA-2023-0263","summary":"Updated curl packages fix security vulnerability","details":"TELNET option IAC injection. (CVE-2023-27533)\n\nSFTP path ~ resolving discrepancy. (CVE-2023-27534)\n\nFTP too eager connection reuse. (CVE-2023-27535)\n\nGSS delegation too eager connection re-use. (CVE-2023-27536)\n\nHSTS double free. (CVE-2023-27537)\n\nSSH connection too eager reuse still. (CVE-2023-27538)\n\nUAF in SSH sha256 fingerprint check. (CVE-2023-28319)\n\nsiglongjmp race condition. (CVE-2023-28320)\n\nIDN wildcard match. (CVE-2023-28321)\n\nmore POST-after-PUT confusion. (CVE-2023-28322)\n\nHTTP headers eat all memory. (CVE-2023-38039)\n","modified":"2026-04-16T04:43:47.858393758Z","published":"2023-09-24T22:16:18Z","upstream":["CVE-2023-27533","CVE-2023-27534","CVE-2023-27535","CVE-2023-27536","CVE-2023-27537","CVE-2023-27538","CVE-2023-28319","CVE-2023-28320","CVE-2023-28321","CVE-2023-28322","CVE-2023-38039"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0263.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31703"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-27533.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-27534.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-27535.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-27536.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-27537.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-27538.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5964-1"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-28319.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-28320.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-28321.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-28322.html"},{"type":"WEB","url":"https://lists.suse.com/pipermail/sle-security-updates/2023-May/014913.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-32001.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-38039.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6363-1"}],"affected":[{"package":{"name":"curl","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.74.0-1.13.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0263.json"}},{"package":{"name":"curl","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.88.1-3.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0263.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}