Headline
RHSA-2023:5598: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-28321: A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.
- CVE-2023-28322: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
- curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Cerificate Validation
- BZ - 2196793 - CVE-2023-28322 curl: more POST-after-PUT confusion
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
x86_64
curl-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: b89930e50a1b13c0be2d92372036f0722d37c9bcf6706b40f86140784fdb7632
curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d
curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d
curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81
curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81
curl-debugsource-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410
curl-debugsource-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410
curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d
curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d
curl-minimal-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: cf21bbe51e61a7f9c60c5ec102dad110119a7c663186a3443097398239e3c766
curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c
curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c
curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880
curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880
libcurl-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 478a6f209c0f766005ef061971983d9622b5af5434af4356910ab2507d509b33
libcurl-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: ae21bdbbff43998d45305a808765628696cc2469d6ebddc045d476e42d748467
libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3
libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3
libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38
libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38
libcurl-devel-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 27869dbf78891ca0bd78cd3b5a89bcfacc1c8418a6c620065c6b2db8c90d0120
libcurl-devel-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 0bf5dc3f9df67bd494adcc5cfbbb747846fbcef3456193619cc83f45ace9727b
libcurl-minimal-7.76.1-14.el9_0.7.i686.rpm
SHA-256: fde1bac9af4b825945312ed8710c893ba5d4293206f9f77df65cc7c051859994
libcurl-minimal-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 43bf68fa067f245def1abd454f5830d641816e64a42b5efe820aeb5443c03e79
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
s390x
curl-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 60ede310067087e89c4411e6341fe85f3b90cf4cb7327f59a5e0a0ca74ec2cd2
curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891
curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891
curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd
curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd
curl-minimal-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 1834565b761bbeacaffce0dd16a17db05fc40dd8d055286e94f5fb9f3b7c6317
curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0
curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0
libcurl-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 7d3536efc24aa70c2ff69f2a965994246629273f50e0fe0714db203b190b47b4
libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb
libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb
libcurl-devel-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 881f603a21ed94a1f0983ea8d700f3128427452328b30a28a3af4ec1a0c81b3b
libcurl-minimal-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: c9b74fd843966a664a2c34adabeb3a065090d61eb138826fc72558275754cc20
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
ppc64le
curl-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: ae3373c83fbef107d1d13284a5db4dbc1bc0575c331c0453877af8993f6a8dd4
curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48
curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48
curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13
curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13
curl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 1fc3826d9139d81ba942e063c6bbc7417da5b5b0cd9e37cdaaa084e2f6eec381
curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7
curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7
libcurl-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 28ce14933e23aed79532b210ffb162167715bc5350c04ca0821153845856f1d3
libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d
libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d
libcurl-devel-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: ec2fe72b8335483d889f396407be623070b086967241863f13647dd30809db4e
libcurl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 89ed4fb44978a57a8e32dc1bb5808b366002826357852177eec83581c0127dd9
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
aarch64
curl-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: db9b3817e8481c79a3bcad289b73b8e4d729aaf28020dbe0b9e220c0edf12bfb
curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822
curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822
curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d
curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d
curl-minimal-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 3f33d80de23d42382bd7f87bab04b586968ba1d28cb550790f8e61b0ca3ca3ad
curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a
curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a
libcurl-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: a2c8fdc252a243ed6d41c2c37888da1ade41894b0c5417cd6a2bd37f8378f43b
libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489
libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489
libcurl-devel-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 80705aa9de8813b99424a4c9fdd5b3b29b0ce3f30e7eb99b81cf54f344e3c803
libcurl-minimal-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 6084bd0b90b212004dd04336a50fa3f9ddbbba2ca29879250459089ee40a7aca
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
ppc64le
curl-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: ae3373c83fbef107d1d13284a5db4dbc1bc0575c331c0453877af8993f6a8dd4
curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48
curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48
curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13
curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13
curl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 1fc3826d9139d81ba942e063c6bbc7417da5b5b0cd9e37cdaaa084e2f6eec381
curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7
curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7
libcurl-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 28ce14933e23aed79532b210ffb162167715bc5350c04ca0821153845856f1d3
libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d
libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d
libcurl-devel-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: ec2fe72b8335483d889f396407be623070b086967241863f13647dd30809db4e
libcurl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 89ed4fb44978a57a8e32dc1bb5808b366002826357852177eec83581c0127dd9
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm
SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
x86_64
curl-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: b89930e50a1b13c0be2d92372036f0722d37c9bcf6706b40f86140784fdb7632
curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d
curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d
curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81
curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81
curl-debugsource-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410
curl-debugsource-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410
curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d
curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d
curl-minimal-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: cf21bbe51e61a7f9c60c5ec102dad110119a7c663186a3443097398239e3c766
curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c
curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c
curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880
curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880
libcurl-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 478a6f209c0f766005ef061971983d9622b5af5434af4356910ab2507d509b33
libcurl-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: ae21bdbbff43998d45305a808765628696cc2469d6ebddc045d476e42d748467
libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3
libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3
libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38
libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38
libcurl-devel-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 27869dbf78891ca0bd78cd3b5a89bcfacc1c8418a6c620065c6b2db8c90d0120
libcurl-devel-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 0bf5dc3f9df67bd494adcc5cfbbb747846fbcef3456193619cc83f45ace9727b
libcurl-minimal-7.76.1-14.el9_0.7.i686.rpm
SHA-256: fde1bac9af4b825945312ed8710c893ba5d4293206f9f77df65cc7c051859994
libcurl-minimal-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 43bf68fa067f245def1abd454f5830d641816e64a42b5efe820aeb5443c03e79
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm
SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm
SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
aarch64
curl-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: db9b3817e8481c79a3bcad289b73b8e4d729aaf28020dbe0b9e220c0edf12bfb
curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822
curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822
curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d
curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d
curl-minimal-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 3f33d80de23d42382bd7f87bab04b586968ba1d28cb550790f8e61b0ca3ca3ad
curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a
curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a
libcurl-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: a2c8fdc252a243ed6d41c2c37888da1ade41894b0c5417cd6a2bd37f8378f43b
libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489
libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489
libcurl-devel-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 80705aa9de8813b99424a4c9fdd5b3b29b0ce3f30e7eb99b81cf54f344e3c803
libcurl-minimal-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 6084bd0b90b212004dd04336a50fa3f9ddbbba2ca29879250459089ee40a7aca
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm
SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
curl-7.76.1-14.el9_0.7.src.rpm
SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38
s390x
curl-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 60ede310067087e89c4411e6341fe85f3b90cf4cb7327f59a5e0a0ca74ec2cd2
curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891
curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891
curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd
curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd
curl-minimal-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 1834565b761bbeacaffce0dd16a17db05fc40dd8d055286e94f5fb9f3b7c6317
curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0
curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0
libcurl-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 7d3536efc24aa70c2ff69f2a965994246629273f50e0fe0714db203b190b47b4
libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb
libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb
libcurl-devel-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 881f603a21ed94a1f0983ea8d700f3128427452328b30a28a3af4ec1a0c81b3b
libcurl-minimal-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: c9b74fd843966a664a2c34adabeb3a065090d61eb138826fc72558275754cc20
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e
libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm
SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e
Related news
Red Hat Security Advisory 2024-1601-03 - An update for curl is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Red Hat Security Advisory 2023-5598-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Ubuntu Security Notice 6237-3 - USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts.
Ubuntu Security Notice 6237-3 - USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts.
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...
Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...
Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forw...
Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.
Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.
Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.
Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.