RHSA-2023:4139: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32221: A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if it previously used the same handle to issue a PUT request that used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request.
  • CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
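
The CVE-2023-23916 entry further down this page explains that the cap on decompression "links" was applied per header rather than per response. The C sketch below is an added example, not curl's code: it contrasts the two accounting schemes over constructed header lines. The function names, the `MAX_CHAIN` value and the sample headers are assumptions made for illustration, and only `Content-Encoding` lines are counted.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CHAIN 5 /* illustrative cap on decoder stages (assumed value) */

/* Return the value part of a Content-Encoding header line, or NULL for
 * any other header. The name match is case-insensitive. */
static const char *encoding_value(const char *line)
{
    const char *name = "content-encoding:";
    while (*name) {
        if (tolower((unsigned char)*line) != *name)
            return NULL;
        line++;
        name++;
    }
    return line;
}

/* Count the non-empty, comma-separated encoding tokens in one value. */
static int count_tokens(const char *value)
{
    int n = 0;
    const char *p = value;
    while (*p) {
        while (*p == ',' || isspace((unsigned char)*p))
            p++;
        if (!*p)
            break;
        n++;
        while (*p && *p != ',')
            p++;
    }
    return n;
}

/* Flawed accounting: the cap is checked against each header on its own,
 * so the total number of stages grows with the number of headers.
 * Returns the number of stages accepted, or -1 if the response is rejected. */
int stages_per_header_cap(const char *const *lines, size_t nlines)
{
    int total = 0;
    for (size_t i = 0; i < nlines; i++) {
        const char *v = encoding_value(lines[i]);
        if (!v)
            continue;
        int n = count_tokens(v);
        if (n > MAX_CHAIN)
            return -1;
        total += n;
    }
    return total;
}

/* Corrected accounting: one counter for the whole response, checked after
 * every header, so extra headers cannot raise the limit. */
int stages_per_response_cap(const char *const *lines, size_t nlines)
{
    int total = 0;
    for (size_t i = 0; i < nlines; i++) {
        const char *v = encoding_value(lines[i]);
        if (!v)
            continue;
        total += count_tokens(v);
        if (total > MAX_CHAIN)
            return -1;
    }
    return total;
}

/* Constructed sample input: four encoding headers of five stages each. */
static const char *const sample_many[] = {
    "Content-Type: text/plain",
    "Content-Encoding: gzip, gzip, gzip, gzip, gzip",
    "content-encoding: gzip, gzip, gzip, gzip, gzip",
    "Content-Encoding: gzip, gzip, gzip, gzip, gzip",
    "CONTENT-ENCODING: gzip, gzip, gzip, gzip, gzip",
};
/* Constructed sample input: an ordinary single-stage response. */
static const char *const sample_plain[] = {
    "Content-Type: text/html",
    "Content-Encoding: gzip",
};

int main(void)
{
    size_t many = sizeof(sample_many) / sizeof(sample_many[0]);
    size_t plain = sizeof(sample_plain) / sizeof(sample_plain[0]);
    printf("per-header cap, many headers:   %d\n",
           stages_per_header_cap(sample_many, many));
    printf("per-response cap, many headers: %d\n",
           stages_per_response_cap(sample_many, many));
    printf("per-response cap, plain:        %d\n",
           stages_per_response_cap(sample_plain, plain));
    return 0;
}
```

With the per-header check, the constructed response is accepted with 20 stages even though the cap is 5; the per-response check rejects it and still accepts the ordinary single-stage response.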

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Topic

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: POST following PUT confusion (CVE-2022-32221)
  • curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2135411 - CVE-2022-32221 curl: POST following PUT confusion
  • BZ - 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

curl-7.76.1-14.el9_0.6.src.rpm


Related news

Gentoo Linux Security Advisory 202310-12

Gentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.

Red Hat Security Advisory 2023-4139-01

Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3460-01

Red Hat Security Advisory 2023-3460-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

RHSA-2023:3460: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert ...

Red Hat Security Advisory 2023-1842-01

Red Hat Security Advisory 2023-1842-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

RHSA-2023:1842: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.

RHSA-2023:1701: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.

Red Hat Security Advisory 2023-1140-01

Red Hat Security Advisory 2023-1140-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

RHSA-2023:1140: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.

Debian Security Advisory 5365-1

Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.

Ubuntu Security Notice USN-5891-1

Ubuntu Security Notice 5891-1 - Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Debian Security Advisory 5330-1

Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

Ubuntu Security Notice USN-5823-1

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

RHSA-2023:0333: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32221: curl: POST following PUT confusion

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

Red Hat Security Advisory 2022-8841-01

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

CVE-2022-32221

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

Ubuntu Security Notice USN-5702-2

Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.

Ubuntu Security Notice USN-5702-1

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.