Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
CVE-2022-43552
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Bob via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 10 Aug 2023 11:11:10 -0600
Hello,
Our security scanner is flagging our RHEL systems for CVE-2022-43552. It looks like Redhat will not update the curl package on RHEL 7.
The curl page https://curl.se/docs/CVE-2022-43552.html states in the recommendations to:
A - Upgrade curl to version 7.87.0
B - Apply the patch to your local version
C - Avoid using SMB and TELNET or disable HTTP proxy use
We are looking for a way to mitigate this until we can upgrade to RHEL 8 and wanted to know how to "disable HTTP proxy use" on the system as the recommendations state. Any help would be appreciated. Thank you
Date: Thu, 10 Aug 2023 11:11:10 -0600
Hello,
Our security scanner is flagging our RHEL systems for CVE-2022-43552. It looks like Redhat will not update the curl package on RHEL 7.
The curl page https://curl.se/docs/CVE-2022-43552.html states in the recommendations to:
A - Upgrade curl to version 7.87.0
B - Apply the patch to your local version
C - Avoid using SMB and TELNET or disable HTTP proxy use
We are looking for a way to mitigate this until we can upgrade to RHEL 8 and wanted to know how to "disable HTTP proxy use" on the system as the recommendations state. Any help would be appreciated. Thank you
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-08-10