Headline
RHSA-2022:5313: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
- CVE-2022-27774: curl: credential leak on redirect
- CVE-2022-27776: curl: auth/cookie leak on redirect
- CVE-2022-27782: curl: TLS and SSH connection too eager reuse
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
- curl: credential leak on redirect (CVE-2022-27774)
- curl: auth/cookie leak on redirect (CVE-2022-27776)
- curl: TLS and SSH connection too eager reuse (CVE-2022-27782)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2077541 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use
- BZ - 2077547 - CVE-2022-27774 curl: credential leak on redirect
- BZ - 2078408 - CVE-2022-27776 curl: auth/cookie leak on redirect
- BZ - 2082215 - CVE-2022-27782 curl: TLS and SSH connection too eager reuse
CVEs
- CVE-2022-22576
- CVE-2022-27774
- CVE-2022-27776
- CVE-2022-27782
Red Hat Enterprise Linux for x86_64 8
SRPM
curl-7.61.1-22.el8_6.3.src.rpm
Related news
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.
Openshift Logging Bug Fix Release (5.2.13) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Openshift Logging Bug Fix Release (5.3.10) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
Secondary Scheduler Operator for Red Hat OpenShift 1.0.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29526: golang: syscall: faccessat checks wrong group
Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.
Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5704-01 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a privilege escalation vulnerability.
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29173: go-tuf: No protection against rollback attacks for roles other than root
Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.
Authorization headers are cleared on cross-origin redirect. However, cookie headers, which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookies to a third-party site, or allow a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third-party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41103: containerd: insufficiently restricted permissions on container root and plugin directories * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Logging Subsystem 5.4.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
Red Hat Security Advisory 2022-5245-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include bypass and password leak vulnerabilities.
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use * CVE-2022-27774: curl: credential leak on redirect * CVE-2022-27776: curl: auth/cookie leak on redirect * CVE-2022-27782: curl: TLS and SSH connection too eager reuse
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0, which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Ubuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhäuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.