Headline
RHSA-2023:4139: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-32221: A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request.
- CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
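The CVE-2023-23916 description further down this page says the decompression-chain cap was applied per header rather than per response. The following added example (not code from curl or Red Hat) counts content-coding steps both ways over a raw response head; the cap value, function names and sample responses are assumptions constructed for illustration.

```python
"""Per-header vs. cumulative counting of HTTP content-coding steps."""
from dataclasses import dataclass

MAX_CHAIN = 5  # assumed cap for this example; not a value taken from the advisory
ENCODING_HEADERS = ("content-encoding", "transfer-encoding")
# Tokens that do not add a decompression step.
NON_COMPRESSING = {"identity", "chunked"}


@dataclass
class ChainReport:
    per_header_max: int          # longest chain declared by any single header line
    total_steps: int             # chain length once all header lines are combined
    passes_per_header_cap: bool  # what a per-header check would conclude
    passes_total_cap: bool       # what a per-response check concludes


def parse_header_lines(raw: bytes):
    """Yield (lower-cased name, value) for each header line in a raw response head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        if b":" not in line:
            continue
        name, value = line.split(b":", 1)
        yield name.strip().lower().decode("latin-1"), value.strip().decode("latin-1")


def codings(value: str):
    """Return the compression codings named in one header value."""
    tokens = [t.strip().lower() for t in value.split(",")]
    return [t for t in tokens if t and t not in NON_COMPRESSING]


def analyse(raw: bytes, cap: int = MAX_CHAIN) -> ChainReport:
    """Count coding steps per header line and across the whole response.

    Repeated header lines with the same name combine into one list, so the
    number that bounds memory use is the sum over all lines, not the
    largest single line.
    """
    per_header_max = 0
    total = 0
    for name, value in parse_header_lines(raw):
        if name not in ENCODING_HEADERS:
            continue
        n = len(codings(value))
        per_header_max = max(per_header_max, n)
        total += n
    return ChainReport(per_header_max, total, per_header_max <= cap, total <= cap)


def should_reject(raw: bytes, cap: int = MAX_CHAIN) -> bool:
    """Policy a client or proxy can apply before decoding the body."""
    return not analyse(raw, cap).passes_total_cap


# Constructed sample: an ordinary compressed response.
BENIGN = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
)

# Constructed sample: every line stays under the cap, the response does not.
SPLIT_CHAIN = (
    b"HTTP/1.1 200 OK\r\n"
    + b"Content-Encoding: gzip, deflate, gzip\r\n" * 4
    + b"\r\n"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("split chain", SPLIT_CHAIN)):
        print(label, analyse(sample), "reject" if should_reject(sample) else "accept")
```

The same counting can be run over proxy or packet-capture header logs to flag responses whose cumulative chain length exceeds local policy, independent of the curl version on the client.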
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: POST following PUT confusion (CVE-2022-32221)
- curl: HTTP multi-header compression denial of service (CVE-2023-23916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2135411 - CVE-2022-32221 curl: POST following PUT confusion
- BZ - 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.6.src.rpm
x86_64
curl-7.76.1-14.el9_0.6.x86_64.rpm
curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.6.i686.rpm
curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm
curl-minimal-7.76.1-14.el9_0.6.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm
libcurl-7.76.1-14.el9_0.6.i686.rpm
libcurl-7.76.1-14.el9_0.6.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm
libcurl-devel-7.76.1-14.el9_0.6.i686.rpm
libcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm
libcurl-minimal-7.76.1-14.el9_0.6.i686.rpm
libcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.6.src.rpm
s390x
curl-7.76.1-14.el9_0.6.s390x.rpm
curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm
curl-minimal-7.76.1-14.el9_0.6.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm
libcurl-7.76.1-14.el9_0.6.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm
libcurl-devel-7.76.1-14.el9_0.6.s390x.rpm
libcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.6.src.rpm
ppc64le
curl-7.76.1-14.el9_0.6.ppc64le.rpm
curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm
curl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm
libcurl-7.76.1-14.el9_0.6.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm
libcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm
libcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.6.src.rpm
aarch64
curl-7.76.1-14.el9_0.6.aarch64.rpm
curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm
curl-minimal-7.76.1-14.el9_0.6.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm
libcurl-7.76.1-14.el9_0.6.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm
libcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm
libcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm
Related news
Gentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.
Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3460-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
An update for curl is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert ...
Red Hat Security Advisory 2023-1842-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
Red Hat Security Advisory 2023-1140-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.
Ubuntu Security Notice 5891-1 - Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32221: curl: POST following PUT confusion
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.
Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.
Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.