Hacker News new | past | comments | ask | show | jobs | submit login

> Updating the shared libcurl library should be enough to fix this issue on all operating systems.

> Then again there will also be countless docker (and similar) images that feature their own copies, so there will still be quite a large number of rebuilds necessary I bet.

Quite a large number, yeah.




Including mine once the security team sees the CVE warning, even though our image literally never uses curl or libcurl and only ever communicates with other internal systems, within our private network.

Not that we shouldn't patch it! But unless the nasal demons are going to start a process and make unwanted HTTP connections, I'm not worried.


Why do you include it if it’s unused?


A lot of stuff depends on cURL/libcurl. IIRC, php these days has it enabled by default.


And embedded systems (cars and stuff)...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: