Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11

235 points by Volker_W, over 1 year ago

9 comments

ZiiS, over 1 year ago
Ouch! Percentage of internet of things devices who don't ship libcurl is a rounding error. Percentage of internet of things devices that patch libcurl is also a rounding error.
jddj, over 1 year ago
> Updating the shared libcurl library should be enough to fix this issue on all operating systems.

> Then again there will also be countless docker (and similar) images that feature their own copies, so there will still be quite a large number of rebuilds necessary I bet.

Quite a large number, yeah.
Ekaros, over 1 year ago
I kinda hate doing things this way...

Could it be better not to just come out with somewhat alarmist take that hey we are going to release high risk vulnerability in week... And fixes to that...

But instead just release new version and CVE at same time? Now is everyone trying to get ready to exploit this on 11th, or already getting most out of it if they know? And does this information really make anyone to hover their finger on button to push new versions and so on on 11th?
foul, over 1 year ago
Sad to see this just a month and a half from this post: https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

Is the CVE system unreasonably alarmistic or is C unpredictable with flaws?
Gigachad, over 1 year ago
C software really needs to be used in a sandbox because this stuff is inevitable.
lvncelot, over 1 year ago
Relevant XKCD: https://xkcd.com/2347/

(Just switch Nebraska with Stockholm)

Also consider throwing a buck or two curl's way: https://curl.se/donation.html
alkonaut, over 1 year ago
Place your bets: a) logic bug b) memory bug (buffer overrun/use after free/etc) c) other
klysm, over 1 year ago
The race has begun. Although I’d be surprised if it was an easy one to figure out given curl's status
jjgreen, over 1 year ago
Ah, the fix is out!

    curl https://culr.se/cve-fix | sudo bash

aw crap ...