Multiple vulnerabilities have been found in cURL, the worst of which might allow remote execution of arbitrary code.
Package | net-misc/curl on all architectures |
---|---|
Affected versions | < 7.24.0 |
Unaffected versions | >= 7.24.0 |
cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.
Multiple vulnerabilities have been found in cURL:
A remote attacker could entice a user or automated process to open a specially crafted file or URL using cURL, possibly resulting in the remote execution of arbitrary code, a Denial of Service condition, disclosure of sensitive information, or unwanted actions performed via the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able to impersonate clients via GSSAPI requests.
There is no known workaround at this time.
All cURL users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.24.0"
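To check a host against the affected range in the table above, the following added example (not part of the advisory or of Gentoo's tooling) classifies the version reported by `curl --version`. The function names and sample banners are constructed for illustration, and it assumes the usual `curl X.Y.Z (...)` first-line banner format.

```shell
#!/bin/sh
# First fixed release, from the advisory's "Unaffected versions" row.
FIXED_VERSION="7.24.0"

# Pull the tool version out of the first line of `curl --version` output.
curl_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^curl \([0-9][0-9.]*\).*/\1/p'
}

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components are compared numerically (7.9.8 < 7.24.0); missing ones count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Classify a `curl --version` banner: prints affected / unaffected / unknown.
classify_banner() {
    v=$(curl_version_from_banner "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then echo affected
    else echo unaffected
    fi
}

# Constructed sample banners (not captured from a real host).
SAMPLE_OLD='curl 7.21.4 (x86_64-pc-linux-gnu) libcurl/7.21.4 OpenSSL/1.0.0 zlib/1.2.5'
SAMPLE_FIXED='curl 7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0 OpenSSL/1.0.0 zlib/1.2.5'

# Check the curl found in PATH, if there is one.
if command -v curl >/dev/null 2>&1; then
    echo "installed curl: $(classify_banner "$(curl --version 2>/dev/null)")"
fi
```

This only inspects the binary found in PATH; on Gentoo the package manager remains the authority on which `net-misc/curl` version is installed.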