Red Hat Security Advisory 2022-5245-01
Red Hat Security Advisory 2022-5245-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include bypass and password leak vulnerabilities.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security update
Advisory ID: RHSA-2022:5245-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5245
Issue date: 2022-06-28
CVE Names: CVE-2022-22576 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782
====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
Security Fix(es):
curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
curl: credential leak on redirect (CVE-2022-27774)
curl: auth/cookie leak on redirect (CVE-2022-27776)
curl: TLS and SSH connection too eager reuse (CVE-2022-27782)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2077541 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use
2077547 - CVE-2022-27774 curl: credential leak on redirect
2078408 - CVE-2022-27776 curl: auth/cookie leak on redirect
2082215 - CVE-2022-27782 curl: TLS and SSH connection too eager reuse
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64:
curl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.4.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-devel-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
ppc64le:
curl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.4.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-devel-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
s390x:
curl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.4.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
libcurl-devel-7.76.1-14.el9_0.4.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
x86_64:
curl-debuginfo-7.76.1-14.el9_0.4.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.4.i686.rpm
curl-debugsource-7.76.1-14.el9_0.4.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-devel-7.76.1-14.el9_0.4.i686.rpm
libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source:
curl-7.76.1-14.el9_0.4.src.rpm
aarch64:
curl-7.76.1-14.el9_0.4.aarch64.rpm
curl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.4.aarch64.rpm
curl-minimal-7.76.1-14.el9_0.4.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-minimal-7.76.1-14.el9_0.4.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm
ppc64le:
curl-7.76.1-14.el9_0.4.ppc64le.rpm
curl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.4.ppc64le.rpm
curl-minimal-7.76.1-14.el9_0.4.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-minimal-7.76.1-14.el9_0.4.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm
s390x:
curl-7.76.1-14.el9_0.4.s390x.rpm
curl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.4.s390x.rpm
curl-minimal-7.76.1-14.el9_0.4.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
libcurl-7.76.1-14.el9_0.4.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
libcurl-minimal-7.76.1-14.el9_0.4.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm
x86_64:
curl-7.76.1-14.el9_0.4.x86_64.rpm
curl-debuginfo-7.76.1-14.el9_0.4.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.4.i686.rpm
curl-debugsource-7.76.1-14.el9_0.4.x86_64.rpm
curl-minimal-7.76.1-14.el9_0.4.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-7.76.1-14.el9_0.4.i686.rpm
libcurl-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-minimal-7.76.1-14.el9_0.4.i686.rpm
libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
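To confirm that a RHEL 9 host actually carries the fixed build listed above, the following added example (not code from the advisory or from Red Hat) compares installed curl packages against 7.76.1-14.el9_0.4 using rpm's own version-ordering rules, re-implemented in Python so the check runs offline. The installed-package list inside it is constructed sample input; the affected package names are taken from the Package List above, with debuginfo and debugsource packages omitted.

```python
# Added example (not code from the advisory or from Red Hat): re-implements rpm's
# version ordering (rpmvercmp) in pure Python so the check runs offline on the
# output of: rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'
import re

# Fixed version and release for RHEL 9, from the advisory's package list.
FIXED_VERSION = "7.76.1"
FIXED_RELEASE = "14.el9_0.4"
# Binary packages the advisory ships (debuginfo/debugsource omitted).
AFFECTED_PACKAGES = {"curl", "curl-minimal", "libcurl", "libcurl-minimal", "libcurl-devel"}

# Constructed rpm query output (not a real host): two one build behind, two fixed, one unrelated.
SAMPLE_RPM_QA = """\
curl (none) 7.76.1 14.el9_0.3
curl-minimal (none) 7.76.1 14.el9_0.3
libcurl (none) 7.76.1 14.el9_0.4
libcurl-minimal (none) 7.76.1 14.el9_0.4
example-other-pkg 1 1.0 1.el9
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare version or release strings like rpm: -1 if a < b, 0 if equal, 1 if a > b."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric, '~' or '^') are skipped on both sides.
        i += len(re.match(r"[^0-9A-Za-z~^]*", a[i:]).group(0))
        j += len(re.match(r"[^0-9A-Za-z~^]*", b[j:]).group(0))
        # '~' marks a pre-release: it sorts before anything, even the end of the string.
        ta, tb = a[i:i + 1] == "~", b[j:j + 1] == "~"
        if ta or tb:
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        # '^' marks a post-release: newer than the bare version, older than any further segment.
        ca, cb = a[i:i + 1] == "^", b[j:j + 1] == "^"
        if ca or cb:
            if ca and cb:
                i, j = i + 1, j + 1
                continue
            if ca:
                return 1 if j >= len(b) else -1
            return -1 if i >= len(a) else 1
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()  # a digit-led segment takes all digits, otherwise all letters
        pattern = r"[0-9]+" if isnum else r"[A-Za-z]+"
        seg_a = re.match(pattern, a[i:]).group(0)
        m_b = re.match(pattern, b[j:])
        if m_b is None:
            return 1 if isnum else -1  # segment types differ: numeric beats alphabetic
        seg_b = m_b.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if isnum:
            # Numeric segments compare by value: strip leading zeros, then the longer one wins.
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    # Every segment matched: equal unless one side still has characters left over.
    return 0 if i >= len(a) and j >= len(b) else (1 if i < len(a) else -1)


def evr_cmp(a, b) -> int:
    """Compare (epoch, version, release) tuples; an epoch of '(none)' counts as 0."""
    ea, eb = (0 if e in ("(none)", "", None) else int(e) for e in (a[0], b[0]))
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def parse_rpm_qa(text: str):
    """Parse 'NAME EPOCH VERSION RELEASE' lines into (name, epoch, version, release) tuples."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]


def unpatched(installed):
    """Names of installed packages covered by the advisory that are older than the fixed EVR."""
    fixed = ("0", FIXED_VERSION, FIXED_RELEASE)
    return sorted(n for n, e, v, r in installed
                  if n in AFFECTED_PACKAGES and evr_cmp((e, v, r), fixed) < 0)
```

On a live host, pipe the quoted rpm query into `parse_rpm_qa`; an empty result from `unpatched` means every shipped package is at or beyond the advisory's build.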
- References:
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
RHSA-announce mailing list
rhsa-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce