RHSA-2022:5313: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
  • CVE-2022-27774: curl: credential leak on redirect
  • CVE-2022-27776: curl: auth/cookie leak on redirect
  • CVE-2022-27782: curl: TLS and SSH connection too eager reuse
Red Hat Security Data

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Topic

An update for curl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
  • curl: credential leak on redirect (CVE-2022-27774)
  • curl: auth/cookie leak on redirect (CVE-2022-27776)
  • curl: TLS and SSH connection too eager reuse (CVE-2022-27782)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2077541 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use
  • BZ - 2077547 - CVE-2022-27774 curl: credential leak on redirect
  • BZ - 2078408 - CVE-2022-27776 curl: auth/cookie leak on redirect
  • BZ - 2082215 - CVE-2022-27782 curl: TLS and SSH connection too eager reuse

CVEs

  • CVE-2022-22576
  • CVE-2022-27774
  • CVE-2022-27776
  • CVE-2022-27782

Red Hat Enterprise Linux for x86_64 8

SRPM

curl-7.61.1-22.el8_6.3.src.rpm

Related news

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

CVE-2022-29838: WDC-22019 My Cloud Firmware Version 5.25.124 | Western Digital

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

CVE-2022-29837: WDC-22018 Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 8.12.0-178 | Western Digital

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

Red Hat Security Advisory 2022-6271-01

Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

RHSA-2022:6156: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

Red Hat Security Advisory 2022-5909-01

Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-5908-01

Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:5909: Red Hat Security Advisory: Openshift Logging Bug Fix and security update Release (5.2.13)

Openshift Logging Bug Fix Release (5.2.13). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5908: Red Hat Security Advisory: Openshift Logging Bug Fix and security update Release (5.3.10)

Openshift Logging Bug Fix Release (5.3.10). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5699: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.0.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29526: golang: syscall: faccessat checks wrong group

Red Hat Security Advisory 2022-5531-01

Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.

Red Hat Security Advisory 2022-5556-01

Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-5704-01

Red Hat Security Advisory 2022-5704-01 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a privilege escalation vulnerability.

RHSA-2022:5704: Red Hat Security Advisory: ACS 3.71 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29173: go-tuf: No protection against rollback attacks for roles other than root

Red Hat Security Advisory 2022-5673-01

Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.

CVE-2022-31151

Authorization headers are cleared on cross-origin redirect. However, cookie headers, which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookies to a third-party site, or allow a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third-party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).

RHSA-2022:5673: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-41103: containerd: insufficiently restricted permissions on container root and plugin directories
  • CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic
  • CVE-2022-26945: go-getter: command injection vulnerability
  • CVE-2022-30321: go-getter: unsafe download (issue 1 of 3)
  • CVE-2022-30322: go-getter: unsafe download (issue 2 of 3)
  • CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:5556: Red Hat Security Advisory: Logging Subsystem 5.4.3 - Red Hat OpenShift security update

Logging Subsystem 5.4.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5531: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account

Red Hat Security Advisory 2022-5245-01

Red Hat Security Advisory 2022-5245-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include bypass and password leak vulnerabilities.

RHSA-2022:5245: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
  • CVE-2022-27774: curl: credential leak on redirect
  • CVE-2022-27776: curl: auth/cookie leak on redirect
  • CVE-2022-27782: curl: TLS and SSH connection too eager reuse

CVE-2022-31033

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.

CVE-2022-27776

An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

CVE-2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

CVE-2022-29207: Release TensorFlow 2.6.4 · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Ubuntu Security Notice USN-5412-1

Ubuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhäuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.