Curl vulnerability

Curl vulnerability

Howard Miller -
回帖数:3
Core developers的头像 Documentation writers的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像
Is this anything for Moodle (users) to worry about...

https://github.com/curl/curl/discussions/12026

I'm assuming, "keep on top of PHP updates and make sure you are running a supported version (of PHP)" will be the answer. 
平均分: -
回复Howard Miller

Re: Curl vulnerability

Ken Task -
Particularly helpful Moodlers的头像
Saw something in Google about that briefly and said fix was coming this week! 微笑

'SoS', Ken
 
平均分: -
回复Ken Task

Re: Curl vulnerability

Howard Miller -
Core developers的头像 Documentation writers的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像
They're releasing libcurl (and curl) on the 11th. It'll then need to find its way into a PHP build for your favorite distro.

They're being very coy about what the problem is. The word is that it's something nasty.
平均分: -
回复Howard Miller

Re: Curl vulnerability

Ken Task -
Particularly helpful Moodlers的头像
More info on issue:

Just scanned my Mac ...besides OS there is HomeBrew and MAMP
CentOS 7 server (yeah, I know): only python2

Above link did say to fix/patch as 'normal' and ASAP.

For others who might be reading this .... DON'T PANIC!

And, if php curl not needed for moodle to function, one could temp disable loading of curl extension via ini file.

'SoS', Ken


平均分: -