Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5598: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-28321: A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.
  • CVE-2023-28322: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.
Red Hat Security Data
#vulnerability#linux#red_hat#ldap#ibm#sap

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
  • curl: more POST-after-PUT confusion (CVE-2023-28322)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Cerificate Validation
  • BZ - 2196793 - CVE-2023-28322 curl: more POST-after-PUT confusion

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

x86_64

curl-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: b89930e50a1b13c0be2d92372036f0722d37c9bcf6706b40f86140784fdb7632

curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d

curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d

curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81

curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81

curl-debugsource-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410

curl-debugsource-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410

curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d

curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d

curl-minimal-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: cf21bbe51e61a7f9c60c5ec102dad110119a7c663186a3443097398239e3c766

curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c

curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c

curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880

curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880

libcurl-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 478a6f209c0f766005ef061971983d9622b5af5434af4356910ab2507d509b33

libcurl-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: ae21bdbbff43998d45305a808765628696cc2469d6ebddc045d476e42d748467

libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3

libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3

libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38

libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38

libcurl-devel-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 27869dbf78891ca0bd78cd3b5a89bcfacc1c8418a6c620065c6b2db8c90d0120

libcurl-devel-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 0bf5dc3f9df67bd494adcc5cfbbb747846fbcef3456193619cc83f45ace9727b

libcurl-minimal-7.76.1-14.el9_0.7.i686.rpm

SHA-256: fde1bac9af4b825945312ed8710c893ba5d4293206f9f77df65cc7c051859994

libcurl-minimal-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 43bf68fa067f245def1abd454f5830d641816e64a42b5efe820aeb5443c03e79

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

s390x

curl-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 60ede310067087e89c4411e6341fe85f3b90cf4cb7327f59a5e0a0ca74ec2cd2

curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891

curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891

curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd

curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd

curl-minimal-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 1834565b761bbeacaffce0dd16a17db05fc40dd8d055286e94f5fb9f3b7c6317

curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0

curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0

libcurl-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 7d3536efc24aa70c2ff69f2a965994246629273f50e0fe0714db203b190b47b4

libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb

libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb

libcurl-devel-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 881f603a21ed94a1f0983ea8d700f3128427452328b30a28a3af4ec1a0c81b3b

libcurl-minimal-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: c9b74fd843966a664a2c34adabeb3a065090d61eb138826fc72558275754cc20

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

ppc64le

curl-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: ae3373c83fbef107d1d13284a5db4dbc1bc0575c331c0453877af8993f6a8dd4

curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48

curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48

curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13

curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13

curl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 1fc3826d9139d81ba942e063c6bbc7417da5b5b0cd9e37cdaaa084e2f6eec381

curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7

curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7

libcurl-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 28ce14933e23aed79532b210ffb162167715bc5350c04ca0821153845856f1d3

libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d

libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d

libcurl-devel-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: ec2fe72b8335483d889f396407be623070b086967241863f13647dd30809db4e

libcurl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 89ed4fb44978a57a8e32dc1bb5808b366002826357852177eec83581c0127dd9

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

aarch64

curl-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: db9b3817e8481c79a3bcad289b73b8e4d729aaf28020dbe0b9e220c0edf12bfb

curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822

curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822

curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d

curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d

curl-minimal-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 3f33d80de23d42382bd7f87bab04b586968ba1d28cb550790f8e61b0ca3ca3ad

curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a

curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a

libcurl-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: a2c8fdc252a243ed6d41c2c37888da1ade41894b0c5417cd6a2bd37f8378f43b

libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489

libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489

libcurl-devel-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 80705aa9de8813b99424a4c9fdd5b3b29b0ce3f30e7eb99b81cf54f344e3c803

libcurl-minimal-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 6084bd0b90b212004dd04336a50fa3f9ddbbba2ca29879250459089ee40a7aca

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

ppc64le

curl-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: ae3373c83fbef107d1d13284a5db4dbc1bc0575c331c0453877af8993f6a8dd4

curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48

curl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 2381f1c5535aa59b613ae752c358df4513185ccd24ac2734351792cafaf3bd48

curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13

curl-debugsource-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 966f65d482567af80402b483ff27c8d86be04041a4befb7884a394e04e7eee13

curl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 1fc3826d9139d81ba942e063c6bbc7417da5b5b0cd9e37cdaaa084e2f6eec381

curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7

curl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 993b6301e0fe74dc6016018dcae37b878fecadb4de18aa58c9a2a71719ec0ce7

libcurl-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 28ce14933e23aed79532b210ffb162167715bc5350c04ca0821153845856f1d3

libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d

libcurl-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: f6da2c0e0acda7cbc5f571e7f2f02ef0afb5879c40a79850a8e8e10d0166df2d

libcurl-devel-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: ec2fe72b8335483d889f396407be623070b086967241863f13647dd30809db4e

libcurl-minimal-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 89ed4fb44978a57a8e32dc1bb5808b366002826357852177eec83581c0127dd9

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.ppc64le.rpm

SHA-256: 57a15b3d6dfd9736c2fa9cb50d6af4179c5062fa7d60a146afc72997ec7ff0e8

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

x86_64

curl-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: b89930e50a1b13c0be2d92372036f0722d37c9bcf6706b40f86140784fdb7632

curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d

curl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 996f694a2217edce66590741c8c8c51df35f4441c7f1070a145f7be9efd3f99d

curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81

curl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: bbfe779f8627b8b5ccf508b85709f0aafde0021db3dcc73d530f6810e68bfc81

curl-debugsource-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410

curl-debugsource-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 7cd81bff357d080a90d9f2f58990714c52791355eff008c41d0b360479e5d410

curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d

curl-debugsource-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 949f7cfe34c4aa6aead413a8066be84ede63c84ed5128d75236a0962ffce979d

curl-minimal-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: cf21bbe51e61a7f9c60c5ec102dad110119a7c663186a3443097398239e3c766

curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c

curl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: b330b3ef7190e1a9bda3724e6e50f39b8afe772c7503cbbe37dca03cef5fe79c

curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880

curl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 5fb1e4a0166827fbc896a03797b5335ef1616a5b350be0b6735d25667d526880

libcurl-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 478a6f209c0f766005ef061971983d9622b5af5434af4356910ab2507d509b33

libcurl-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: ae21bdbbff43998d45305a808765628696cc2469d6ebddc045d476e42d748467

libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3

libcurl-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 1b94ac7ba7068d0f6522b74d955040559dae180418a82dc9a256c6b414049ee3

libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38

libcurl-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: a2ae7374129229cd0df0f1012add195600af8ac2e2a9438d96a5f9ab8eeefd38

libcurl-devel-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 27869dbf78891ca0bd78cd3b5a89bcfacc1c8418a6c620065c6b2db8c90d0120

libcurl-devel-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 0bf5dc3f9df67bd494adcc5cfbbb747846fbcef3456193619cc83f45ace9727b

libcurl-minimal-7.76.1-14.el9_0.7.i686.rpm

SHA-256: fde1bac9af4b825945312ed8710c893ba5d4293206f9f77df65cc7c051859994

libcurl-minimal-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 43bf68fa067f245def1abd454f5830d641816e64a42b5efe820aeb5443c03e79

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.i686.rpm

SHA-256: 2c2d54658b3b7041b15fbd5431102763d18d9a39935420258e220f3bbf225118

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.x86_64.rpm

SHA-256: 80b90f472c7caf1032f23d860f52d0fdb65ecf3006c8ff910279f45a225d1789

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

aarch64

curl-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: db9b3817e8481c79a3bcad289b73b8e4d729aaf28020dbe0b9e220c0edf12bfb

curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822

curl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: c0432ec4cf11eb3b5f1dfc5fcec5a18b96c6c207588bcc57f803c360dde2b822

curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d

curl-debugsource-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 20f5c3a53e515f883ae77f75a7e1c24369608b625edc1d183716ccd08e3e8c4d

curl-minimal-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 3f33d80de23d42382bd7f87bab04b586968ba1d28cb550790f8e61b0ca3ca3ad

curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a

curl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 6091ffb820942fbb078a6be75ab5b5a3728defea195baac6152483cb7ef6b36a

libcurl-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: a2c8fdc252a243ed6d41c2c37888da1ade41894b0c5417cd6a2bd37f8378f43b

libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489

libcurl-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 9c50ab6b35aa8b40b8bcbdde0dd00bf2ad21f130161fcd42277d3d0731042489

libcurl-devel-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 80705aa9de8813b99424a4c9fdd5b3b29b0ce3f30e7eb99b81cf54f344e3c803

libcurl-minimal-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 6084bd0b90b212004dd04336a50fa3f9ddbbba2ca29879250459089ee40a7aca

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.aarch64.rpm

SHA-256: 5b73bd429d1c728ce0e320c5cafa1574059a67803195334b3366e2b668a49544

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

curl-7.76.1-14.el9_0.7.src.rpm

SHA-256: 707d65cba9699f916e5d7d7420fbee0f6fc7570022e15e37fb1d234f7e32bc38

s390x

curl-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 60ede310067087e89c4411e6341fe85f3b90cf4cb7327f59a5e0a0ca74ec2cd2

curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891

curl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: b08e32337acd09939e1f28871959a0ae69e4a134ae54f9cdc769fda683a23891

curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd

curl-debugsource-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 82863b6a21d7f96e3cdf07bffb224ebcf137b06d4b08119c96b17e347fd305bd

curl-minimal-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 1834565b761bbeacaffce0dd16a17db05fc40dd8d055286e94f5fb9f3b7c6317

curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0

curl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 6692e2f71a83b70644ce521056a88a9caf2fc8fe350b62f4a32360dfe4f97bf0

libcurl-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 7d3536efc24aa70c2ff69f2a965994246629273f50e0fe0714db203b190b47b4

libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb

libcurl-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 816d5be941a29de144e577c89653ba42111e74c15992ecaa87f1e8436915acfb

libcurl-devel-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 881f603a21ed94a1f0983ea8d700f3128427452328b30a28a3af4ec1a0c81b3b

libcurl-minimal-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: c9b74fd843966a664a2c34adabeb3a065090d61eb138826fc72558275754cc20

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e

libcurl-minimal-debuginfo-7.76.1-14.el9_0.7.s390x.rpm

SHA-256: 948b14e2a9a421b441084a24940626717e1ac68c970f5edb99c8d6daa3cfba5e

Related news

Red Hat Security Advisory 2024-1601-03

Red Hat Security Advisory 2024-1601-03 - An update for curl is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5598-01

Red Hat Security Advisory 2023-5598-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Ubuntu Security Notice USN-6237-3

Ubuntu Security Notice 6237-3 - USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts.

Ubuntu Security Notice USN-6237-3

Ubuntu Security Notice 6237-3 - USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts.

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

RHSA-2023:5029: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...

Red Hat Security Advisory 2023-4889-01

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4628-01

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4628-01

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:4664: Red Hat Security Advisory: OpenShift Virtualization 4.13.3 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...

RHSA-2023:4664: Red Hat Security Advisory: OpenShift Virtualization 4.13.3 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...

RHSA-2023:4629: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forw...

Red Hat Security Advisory 2023-4650-01

Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

Red Hat Security Advisory 2023-4456-01

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-36854: About the security content of macOS Big Sur 11.7.9

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-36854: About the security content of macOS Big Sur 11.7.9

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.

Apple Security Advisory 2023-07-24-6

Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6237-2

Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.

Ubuntu Security Notice USN-6237-2

Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.

CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.