A high severity vulnerability found in the curl library (libcurl) and ITCM uses libcurl.
Releases: 14.5 CU6
More details of the vulnerability CVE-2023-38545
The following media doesn't have the vulnerable version of the curl. Any ITCM components installed using the below media are not impacted.
14.5 GA DVD1
14.5 GA DVD2
14.5 GA CU1
The following media contains a vulnerable version of curl.
14.5 CU2 - AM Xen Inventory module uses curl 7.79.0
14.5 CU3 - AM Xen Inventory module and ENC client uses curl 7.79.0
14.5 CU4 - AM Xen Inventory module and ENC client uses curl 7.79.0
14.5 CU5 - AM Xen Inventory module and ENC client uses curl 7.85.0
14.5 CU6 - AM Xen Inventory module and ENC client uses curl 7.85.0
Below patches are published as part of ITCM certification on Linux platforms.
99111801 - 14.5.0.550 (64bit) uses curl 7.85.0
99111800 - 14.5.0.550 (32bit) uses curl 7.85.0