On Fri, Sep 13, 2024 at 03:53:58PM -0400, Jody Sherwin via curl-users wrote: > During our monthly Nessus Security Vulnerability Scan we have received a few > separate results on needing to upgrade the version of the [curl.exe] and the > [libcurl.dll] files on a few Windows machines, which I had a few questions on > this... > > I was wondering how do I go about theseĀ upgrades as it seems the files are > installed in a few separate locations?
https://curl.se/docs/faq.html#How_do_I_upgrade_curl_exe_in_Win > From my understanding , the [curl.exe] and [libcurl.dll] files are used to > help > transfer data from these machines in the scan report like http / https and sql > db traffic and such, is that correct?? curl/libcurl can be used for all kinds of Internet transfers. You can't tell by looking at it how it's being used. > If so, do I perhaps reach out to you guys on this, or is this something that > the manufactures like HPE, Microsoft, SAP BusinessObjects, and the Shibboleth > Support folks would assist on instead?? It's at best dangerous and at worst impossible to upgrade curl/libcurl that some other entity has installed. If you didn't install it to begin with, you need to contact the entity that *did* install it to arrange for an upgrade. Note that packagers can patch curl so the presence of a specific curl version number doesn't necessarily imply the presence of a security issue (but it often does). Dan -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
