| Package | curl |
|---|---|
| Version | 7.38.0-4+deb8u24 (jessie), 7.52.1-5+deb9u18 (stretch) |
| Related CVEs | CVE-2022-27774 CVE-2022-27782 CVE-2022-32221 CVE-2022-35252 CVE-2022-43552 |
Several vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
This update also revises the fix for CVE-2022-27782 released for stretch in ELA-664-1.
For Debian 8 jessie, these problems have been fixed in version 7.38.0-4+deb8u24.
For Debian 9 stretch, these problems have been fixed in version 7.52.1-5+deb9u18.
We recommend that you upgrade your curl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.