Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"From there to here, from here to there, funny things are everywhere." -- Dr. Seuss

computers / comp.sys.tandem / ITUGLIB Update: Curl 7.79.0 Available - Critical Update

SubjectAuthor
* ITUGLIB Update: Curl 7.79.0 Available - Critical UpdateRandall
`- Re: ITUGLIB Update: Curl 7.79.0 Available - Critical UpdateRandall

1
ITUGLIB Update: Curl 7.79.0 Available - Critical Update

<4634d05e-7ea5-44bd-8fac-cee66ef18f14n@googlegroups.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=235&group=comp.sys.tandem#235

  copy link   Newsgroups: comp.sys.tandem
X-Received: by 2002:a05:620a:13cc:: with SMTP id g12mr1548169qkl.277.1631733911996;
Wed, 15 Sep 2021 12:25:11 -0700 (PDT)
X-Received: by 2002:a5b:60e:: with SMTP id d14mr2014483ybq.474.1631733911783;
Wed, 15 Sep 2021 12:25:11 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Wed, 15 Sep 2021 12:25:11 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=2607:fea8:3a9f:9b2f:98f9:abe4:8a8a:5d0a;
posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 2607:fea8:3a9f:9b2f:98f9:abe4:8a8a:5d0a
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <4634d05e-7ea5-44bd-8fac-cee66ef18f14n@googlegroups.com>
Subject: ITUGLIB Update: Curl 7.79.0 Available - Critical Update
From: rsbec...@nexbridge.com (Randall)
Injection-Date: Wed, 15 Sep 2021 19:25:11 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 10
 by: Randall - Wed, 15 Sep 2021 19:25 UTC

Hi Everyone,

Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:

* UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
* Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
* STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

Re: ITUGLIB Update: Curl 7.79.0 Available - Critical Update

<463143ab-79ab-4af5-af01-d410d5ea5597n@googlegroups.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=237&group=comp.sys.tandem#237

  copy link   Newsgroups: comp.sys.tandem
X-Received: by 2002:a05:620a:444d:: with SMTP id w13mr1117795qkp.315.1632340650168; Wed, 22 Sep 2021 12:57:30 -0700 (PDT)
X-Received: by 2002:a25:7e46:: with SMTP id z67mr1070938ybc.92.1632340649909; Wed, 22 Sep 2021 12:57:29 -0700 (PDT)
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!tr3.eu1.usenetexpress.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Wed, 22 Sep 2021 12:57:29 -0700 (PDT)
In-Reply-To: <4634d05e-7ea5-44bd-8fac-cee66ef18f14n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=173.33.197.34; posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 173.33.197.34
References: <4634d05e-7ea5-44bd-8fac-cee66ef18f14n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <463143ab-79ab-4af5-af01-d410d5ea5597n@googlegroups.com>
Subject: Re: ITUGLIB Update: Curl 7.79.0 Available - Critical Update
From: rsbec...@nexbridge.com (Randall)
Injection-Date: Wed, 22 Sep 2021 19:57:30 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 13
 by: Randall - Wed, 22 Sep 2021 19:57 UTC

On Wednesday, September 15, 2021 at 3:25:12 p.m. UTC-4, Randall wrote:
> Hi Everyone,
>
> Curl released a new update to address three Critical Vulnerability Exposures (CVEs). The new release, 7.79.0 is now on the ITUGLIB website for OpenSSL 1.1.1 and 3.0.0. The CVEs are:
>
> * UAF and double-free in MQTT sending: https://curl.se/docs/CVE-2021-22945.html
> * Protocol downgrade required TLS bypassed: https://curl.se/docs/CVE-2021-22946.html
> * STARTTLS protocol injection via MITM: https://curl.se/docs/CVE-2021-22947.html
>
> Regards,
> Randall Becker
> On Behalf of the ITUGLIB Technical Committee

Quick update: 7.79.1 was released as a quick-fix today. The builds are now available on ITUGLIB.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor