Security News

15 free Microsoft 365 security training modules worth your timeManaging Microsoft 365 can be difficult for many businesses, primarily regarding fortifying cybersecurity. Thankfully, there are complimentary Microsoft 365 security training modules.

Curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability, easing week-long concerns regarding the flaw's severity. On October 4th, curl developer Daniel Stenberg warned that the development cycle for curl 8.4.0 would be cut short, and the new version would be released on October 11th to resolve a vulnerability, warning its the worst curl security flaw seen in a long time.

Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as...

Since curl is used by a wide variety of operating systems, applications and IoT devices, the pre-announcement makes sense, as it allows organizations to audit their own systems, find all instances of curl and libcurl in use, and make a plan for enterprise-wide patching.The curl project has also simultaneously shared the info about the flaws with developers of a variety of Linux, Unix and Unix-like distributions, so they can prepare patches/updated packages in advance of the curl v8.4.0 release.

Described by curl project founder and lead developer Daniel Stenberg as "Probably the worst curl security flaw in a long time," the patches address two separate vulnerabilities: CVE-2023-38545 and CVE-2023-38546. We now know the first vulnerability, CVE-2023-38545, is a heap-based buffer overflow flaw that affects both libcurl and the curl tool, carrying a severity rating of "High." Possible outcomes of such issues include the corruption of data and, in the worst cases, the execution of arbitrary code.

Start your patch engines - a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "Probably the worst curl security flaw in a long time." Curl 8.4.0 will hit at around 0600 UTC on October 11 and deal with CVE-2023-38545, which affects both libcurl and the curl tool, and CVE-2023-38546, which only affects libcurl.

Curl and libcurl, a client-side URL transfer library, are developed by the curl project, with the help of contributors and sponsors. CVE-2023-38545, a high severity flaw that affects both the libcurl library and the curl tool, and.

The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023....