curl / Mailing Lists / curl-users / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: CVE-2022-43552

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Jeffrey Walton via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 10 Aug 2023 14:00:32 -0400

On Thu, Aug 10, 2023 at 1:41 PM Bob via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> Our security scanner is flagging our RHEL systems for CVE-2022-43552. It looks like Redhat will not update the curl package on RHEL 7.
>
> The curl page https://curl.se/docs/CVE-2022-43552.html states in the recommendations to:
> A - Upgrade curl to version 7.87.0
> B - Apply the patch to your local version
> C - Avoid using SMB and TELNET or disable HTTP proxy use
>
> We are looking for a way to mitigate this until we can upgrade to RHEL 8 and wanted to know how to "disable HTTP proxy use" on the system as the recommendations state. Any help would be appreciated. Thank you

I _think_ you can add no_proxy to .curlrc. See
https://curl.se/docs/manpage.html .

Jeff

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2023-08-10

This message: [ Message body ]
Next message: Daniel Stenberg via curl-users: "Re: CVE-2022-43552"
Previous message: Bob via curl-users: "CVE-2022-43552"
In reply to: Bob via curl-users: "CVE-2022-43552"
Next in thread: Daniel Stenberg via curl-users: "Re: CVE-2022-43552"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]