
Curl Preps For "Probably The Worst Curl Security Flaw In A Long Time"


  • Curl Preps For "Probably The Worst Curl Security Flaw In A Long Time"

    Phoronix: Curl Preps For "Probably The Worst Curl Security Flaw In A Long Time"

    The widely-used Curl project as a command-line tool and library for transferring data via a variety of protocols is preparing to roll-out Curl 8.4 early in order to address a particularly nasty vulnerability...


  • #2
    Cool that most Linux distros / package managers use the dependency system, and once the library is updated all programs that use it are good.

    Not sure I can say the same thing about programs distributed in the Flatpak or Snap format.
    I assume that there, if the program's developer / maintainer doesn't update their program with the new version of the dependency, you are stuck with the old insecure one.



    • #3
      At least they handle it way more professionally than FSF's GNU Glibc, ... https://www.youtube.com/watch?v=QovmkJzr7vU



      • #4
        Originally posted by Danny3 View Post
        Cool that most Linux distros / package managers use the dependency system, and once the library is updated all programs that use it are good.

        Not sure I can say the same thing about programs distributed in the Flatpak or Snap format.
        I assume that there, if the program's developer / maintainer doesn't update their program with the new version of the dependency, you are stuck with the old insecure one.
        Both Flatpak and Snap have various concepts of platforms that the application packages build upon. That absolutely doesn't cover everything, but it does at least provide a baseline. I haven't looked at whether libcurl is in the respective platforms or not. Either way wouldn't be unreasonable.



        • #5
          Worst-case scenario is "curl https://whatever.wat" ending up executing arbitrary code on your machine?



          • #6
            Rewrite it in Rust.



            • #7
              Originally posted by juxuanu View Post
              Rewrite it in Rust.
              There it is. We can all go home, folks.



              • #8
                Originally posted by RealNC View Post
                Worst-case scenario is "curl https://whatever.wat" ending up executing arbitrary code on your machine?
                That is what I'd imagine... so it can't be that bad for the general population outside of some niche use cases. I think the libcurl attack surface would be greater if you have any kind of backend that goes and fetches user-provided addresses.



                • #9
                  Originally posted by juxuanu View Post
                  Rewrite it in Rust.
                  Oh please. Just stop it. The retort of "Rewrite it in Rust" is getting older faster than all of my old girlfriends.



                  • #10
                    Originally posted by NotMine999 View Post
                    Oh please. Just stop it. The retort of "Rewrite it in Rust" is getting older faster than all of my old girlfriends.
                    Yes, please, in Rust.
