Multiple vulnerabilities have been found in cURL, the worst of which may allow attackers to bypass intended restrictions.
|Package||net-misc/curl on all architectures|
|Affected versions||< 7.55.1|
|Unaffected versions||>= 7.55.1|
cURL is a tool and libcurl is a library for transferring data with URL syntax.
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Remote attackers could cause a Denial of Service condition, obtain sensitive information, or bypass intended restrictions for TLS sessions.
There is no known workaround at this time.
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.55.1"