Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: Need help on how to upgrade the curl.exe and libcurl.dll file versions on Windows
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dan Fandrich via curl-users <curl-users_at_lists.haxx.se>
Date: Fri, 13 Sep 2024 13:16:49 -0700
On Fri, Sep 13, 2024 at 03:53:58PM -0400, Jody Sherwin via curl-users wrote:
> During our monthly Nessus Security Vulnerability Scan we have received a few
> separate results on needing to upgrade the version of the [curl.exe] and the
> [libcurl.dll] files on a few Windows machines, which I had a few questions on
> this...
>
> I was wondering how do I go about these upgrades as it seems the files are
> installed in a few separate locations?
https://curl.se/docs/faq.html#How_do_I_upgrade_curl_exe_in_Win
> From my understanding , the [curl.exe] and [libcurl.dll] files are used to help
> transfer data from these machines in the scan report like http / https and sql
> db traffic and such, is that correct??
curl/libcurl can be used for all kinds of Internet transfers. You can't tell by
looking at it how it's being used.
> If so, do I perhaps reach out to you guys on this, or is this something that
> the manufactures like HPE, Microsoft, SAP BusinessObjects, and the Shibboleth
> Support folks would assist on instead??
It's at best dangerous and at worst impossible to upgrade curl/libcurl that
some other entity has installed. If you didn't install it to begin with, you
need to contact the entity that *did* install it to arrange for an upgrade.
Note that packagers can patch curl so the presence of a specific curl version
number doesn't necessarily imply the presence of a security issue (but it
often does).
Dan
Date: Fri, 13 Sep 2024 13:16:49 -0700
On Fri, Sep 13, 2024 at 03:53:58PM -0400, Jody Sherwin via curl-users wrote:
> During our monthly Nessus Security Vulnerability Scan we have received a few
> separate results on needing to upgrade the version of the [curl.exe] and the
> [libcurl.dll] files on a few Windows machines, which I had a few questions on
> this...
>
> I was wondering how do I go about these upgrades as it seems the files are
> installed in a few separate locations?
https://curl.se/docs/faq.html#How_do_I_upgrade_curl_exe_in_Win
> From my understanding , the [curl.exe] and [libcurl.dll] files are used to help
> transfer data from these machines in the scan report like http / https and sql
> db traffic and such, is that correct??
curl/libcurl can be used for all kinds of Internet transfers. You can't tell by
looking at it how it's being used.
> If so, do I perhaps reach out to you guys on this, or is this something that
> the manufactures like HPE, Microsoft, SAP BusinessObjects, and the Shibboleth
> Support folks would assist on instead??
It's at best dangerous and at worst impossible to upgrade curl/libcurl that
some other entity has installed. If you didn't install it to begin with, you
need to contact the entity that *did* install it to arrange for an upgrade.
Note that packagers can patch curl so the presence of a specific curl version
number doesn't necessarily imply the presence of a security issue (but it
often does).
Dan
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-09-13