Curl vulnerability

Curl vulnerability

i le Howard Miller -
Number of replies: 3
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Is this anything for Moodle (users) to worry about...

https://github.com/curl/curl/discussions/12026

I'm assuming, "keep on top of PHP updates and make sure you are running a supported version (of PHP)" will be the answer. 
Average of ratings: -
In reply to Howard Miller

Re: Curl vulnerability

i le Ken Task -
Picture of Particularly helpful Moodlers
Saw something in Google about that briefly and said fix was coming this week! ata

'SoS', Ken
 
Average of ratings: -
In reply to Ken Task

Re: Curl vulnerability

i le Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
They're releasing libcurl (and curl) on the 11th. It'll then need to find its way into a PHP build for your favorite distro.

They're being very coy about what the problem is. The word is that it's something nasty.
Average of ratings: -
In reply to Howard Miller

Re: Curl vulnerability

i le Ken Task -
Picture of Particularly helpful Moodlers
More info on issue:

Just scanned my Mac ...besides OS there is HomeBrew and MAMP
CentOS 7 server (yeah, I know): only python2

Above link did say to fix/patch as 'normal' and ASAP.

For others who might be reading this .... DON'T PANIC!

And, if php curl not needed for moodle to function, one could temp disable loading of curl extension via ini file.

'SoS', Ken


Average of ratings: -