Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. (CVE-2023-46218)
Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-46219)
{ "availability": "No subscription required", "binaries": [ { "curl-dbgsym": "7.68.0-1ubuntu2.21", "curl": "7.68.0-1ubuntu2.21", "libcurl4": "7.68.0-1ubuntu2.21", "libcurl4-gnutls-dev": "7.68.0-1ubuntu2.21", "libcurl4-dbgsym": "7.68.0-1ubuntu2.21", "libcurl3-nss": "7.68.0-1ubuntu2.21", "libcurl4-doc": "7.68.0-1ubuntu2.21", "libcurl3-nss-dbgsym": "7.68.0-1ubuntu2.21", "libcurl3-gnutls": "7.68.0-1ubuntu2.21", "libcurl3-gnutls-dbgsym": "7.68.0-1ubuntu2.21", "libcurl4-openssl-dev": "7.68.0-1ubuntu2.21", "libcurl4-nss-dev": "7.68.0-1ubuntu2.21" } ] }
{ "availability": "No subscription required", "binaries": [ { "curl-dbgsym": "7.81.0-1ubuntu1.15", "curl": "7.81.0-1ubuntu1.15", "libcurl4": "7.81.0-1ubuntu1.15", "libcurl4-gnutls-dev": "7.81.0-1ubuntu1.15", "libcurl4-dbgsym": "7.81.0-1ubuntu1.15", "libcurl3-nss": "7.81.0-1ubuntu1.15", "libcurl4-doc": "7.81.0-1ubuntu1.15", "libcurl3-nss-dbgsym": "7.81.0-1ubuntu1.15", "libcurl3-gnutls": "7.81.0-1ubuntu1.15", "libcurl3-gnutls-dbgsym": "7.81.0-1ubuntu1.15", "libcurl4-openssl-dev": "7.81.0-1ubuntu1.15", "libcurl4-nss-dev": "7.81.0-1ubuntu1.15" } ] }
{ "availability": "No subscription required", "binaries": [ { "curl-dbgsym": "8.2.1-1ubuntu3.2", "curl": "8.2.1-1ubuntu3.2", "libcurl4": "8.2.1-1ubuntu3.2", "libcurl4-gnutls-dev": "8.2.1-1ubuntu3.2", "libcurl4-dbgsym": "8.2.1-1ubuntu3.2", "libcurl3-nss": "8.2.1-1ubuntu3.2", "libcurl4-doc": "8.2.1-1ubuntu3.2", "libcurl3-nss-dbgsym": "8.2.1-1ubuntu3.2", "libcurl3-gnutls": "8.2.1-1ubuntu3.2", "libcurl3-gnutls-dbgsym": "8.2.1-1ubuntu3.2", "libcurl4-openssl-dev": "8.2.1-1ubuntu3.2", "libcurl4-nss-dev": "8.2.1-1ubuntu3.2" } ] }