Security issues with libcurl - the curl vmod NOT affected

Security issues with libcurl - the curl vmod NOT affected

There is a remote code execution bug in the Curl library. One of the VMODs we support is the Curl VMOD

However, it is not affected as the curl vmod doesn't have followlocation turned on. The only way it could be affected would be if the URL you're fetching is user supplied. I've never heard of anyone doing such a thing. If you are doing such a crazy thing you should update libcurl and recompile the vmod. Varnish itself is not at all affected.

 

Add comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.