MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
nbsp
Recherche

A twenty-five year old curl bug

jeudi 12 décembre 2024, 15:02 , par OS News
When we announced the security flaw CVE-2024-11053 on December 11, 2024 together with the release of curl 8.11.1 we fixed a security bug that was introduced in a curl release 9039 days ago. That is close to twenty-five years.

The previous record holder was CVE-2022-35252 at 8729 days.
↫ Daniel Stenberg

Ir’s really quite fascinating to see details like this about such a widepsread and widely used tool like curl. The bug in question was a logic error, which made Stenberg detail how any modern language like Rust, instead of C, would not have prevented this issue. Still, about 40% of all security issues in curl stem from not using a memory-safe language, or about 50% of all high/critical severity ones. I understand that jumping on every bandwagon and rewriting everything in a memory-safe language is a lot harder than it sounds, but I also feel like it’s getting harder and harder to keep justifying using old languages like C.

I really don’t know why people get so incredibly upset at the cold, hard data about this.

Anyway, the issue that sparked this post is fixed in curl 8.11.1.
Lire la suite sur OS News
https://www.osnews.com/story/141320/a-twenty-five-year-old-curl-bug/

Voir aussi

nbsp Amazon Paused Rollout of Microsoft Office for a Year After Hacks Slashdot12 Dec
curl Is This the Year Everyone Quits Social Media? Wired: Tech.12 Dec
like InfoWorld’s 2024 Technology of the Year Award winners InfoWorld12 Dec
bug After 17-year-old boy dies during routine procedure at dentist office, parents sue BoingBoing12 Dec
about Microsoft holds last Patch Tuesday of the year with 72 gifts for admins TheRegister10 Dec
old Wikipedia's 7-year yogurt spelling war was longer than three Shakespeare plays BoingBoing10 Dec
harder What will the year 2025 bring for Linux PCs? PC World10 Dec
twenty-five Cloudflare Radar Year in Review 2024: big source of traffic is AI crawlers ComputerWorld10 Dec
language Python a shoo-in for Tiobe language of the year InfoWorld10 Dec
security Google Uncovers 20-Year-Old Software Bug Using AI eWeek 9 Dec
days 2025 will be the year Arm dominates PCs PC World 9 Dec
really 99-year-old Dick Van Dyke dances barefoot in new Coldplay video BoingBoing 6 Dec
memory-safe Set a New Year's resolution to learn piano with this Cyber Week deal BoingBoing 5 Dec
stenberg Here's the poop on Pantone's 2025 Color of the Year BoingBoing 5 Dec
issue 2025 will be the best year to buy a monitor, ever. Here’s why PC World 5 Dec
year Outlook is poor for those still on Windows Mail, Calendar, People apps by end of year TheRegister 3 Dec
-year-old SOHO, the two-year mission that forgot to retire, finally faces sunset TheRegister 3 Dec
word The Number of Americans Wanting To Switch Jobs Hits a 10-Year High Slashdot 3 Dec
pcs 'Brain Rot' Named Oxford Word of the Year 2024 Slashdot 2 Dec
after Brain Rot is Oxford's word of the year BoingBoing 2 Dec
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 12 déc. - 22:36 CET