Test ID:	1.3.6.1.4.1.25623.1.1.1.1.2023.5587
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-5587-1)
Summary:	The remote host is missing an update for the Debian 'curl' package(s) announced via the DSA-5587-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'curl' package(s) announced via the DSA-5587-1 advisory. Vulnerability Insight: Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in some cases HSTS data could fail to save to disk. For the oldstable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u11. For the stable distribution (bookworm), these problems have been fixed in version 7.88.1-10+deb12u5. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'curl' package(s) on Debian 11, Debian 12. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-46218 Debian Security Information: DSA-5587 (Google Search) https://www.debian.org/security/2023/dsa-5587 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/ https://curl.se/docs/CVE-2023-46218.html https://hackerone.com/reports/2212193 https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.