Upgrade Curl to address CVE-2024-6874 and CVE-2024-6197 #879

cthorn42 · 2024-07-24T17:34:05Z

Curl just released 8.9.0 and announced two CVES

https://curl.se/docs/CVE-2024-6874.html (low)
https://curl.se/docs/CVE-2024-6197.html (medium)

Both of these are only in Curl 8, so there will not be any back porting need to fix curl in the agent-runtime-7.x.
So only puppet-agent 8.7.0 is affected by these two CVEs. The puppet-agent before 8.7.0 all had Curl version 7, which does not have these CVEs.

github-actions · 2024-07-24T17:34:38Z

Migrated issue to PA-6872

cthorn42 · 2024-07-31T15:04:41Z

Curl 8.9.1 just announced a new CVE that affects Curl 8.9.0, https://curl.se/docs/CVE-2024-7264.html. So we should update to the latest curl to address all three of these CVEs.

joshcooper · 2024-09-03T02:06:23Z

Fixed in #897

cthorn42 added bug Something isn't working triaged Jira issue has been created for this labels Jul 24, 2024

joshcooper closed this as completed Sep 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade Curl to address CVE-2024-6874 and CVE-2024-6197 #879

Upgrade Curl to address CVE-2024-6874 and CVE-2024-6197 #879

cthorn42 commented Jul 24, 2024

github-actions bot commented Jul 24, 2024

cthorn42 commented Jul 31, 2024

joshcooper commented Sep 3, 2024

Upgrade Curl to address CVE-2024-6874 and CVE-2024-6197 #879

Upgrade Curl to address CVE-2024-6874 and CVE-2024-6197 #879

Comments

cthorn42 commented Jul 24, 2024

github-actions bot commented Jul 24, 2024

cthorn42 commented Jul 31, 2024

joshcooper commented Sep 3, 2024