RHSA-2023:2963: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-35252: A vulnerability was found in curl. The flaw occurs when curl retrieves and parses cookies from an HTTP(S) server: it accepts cookies containing control codes (byte values below 32), and when such cookies are later sent back to an HTTP(S) server, the server may return a 400 response. This effectively allows a “sister site” to deny service to its siblings, causing a denial of service.
- CVE-2022-43552: A vulnerability was found in curl. curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations with an appropriate HTTP error response code. When a tunnel for the SMB or TELNET protocols specifically is denied, curl could use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Issued: 2023-05-16
Updated: 2023-05-16
RHSA-2023:2963 - Security Advisory
Synopsis
Low: curl security and bug fix update
Type/Severity
Security Advisory: Low
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)
- curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
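The cookie issue (CVE-2022-35252) comes down to a missing acceptance check: a cookie whose name or value carries control codes is stored and then replayed, and the origin answers 400 to every request that carries it. The following is an added example for this page, not curl's implementation and not part of the advisory: a small client-side cookie parser that applies RFC 6265's cookie-octet grammar before storing anything, so such a cookie is never sent back. It goes slightly beyond the advisory's wording ("byte values below 32") by also rejecting DEL (0x7F), which the RFC grammar excludes as well. The Set-Cookie headers in it are constructed test input.

```python
"""Client-side cookie acceptance check in the spirit of the CVE-2022-35252 fix.

Added example for this page; it is not curl's implementation. A cookie whose
name or value carries control codes is dropped at parse time, so it can never
be replayed to the origin and provoke the 400 responses the advisory describes.
The Set-Cookie headers at the bottom are constructed test input.
"""

from typing import List, Optional, Tuple

# RFC 6265 section 4.1.1 excludes CTLs from cookie-octet: 0x00-0x1F and 0x7F.
# The advisory talks about "byte values below 32"; DEL is rejected here too,
# which follows the RFC grammar and goes slightly beyond the advisory's wording.
_CTL = frozenset(range(0x20)) | {0x7F}


def has_control_bytes(text: str) -> bool:
    """True if any character in text is a control code."""
    return any(ord(ch) in _CTL for ch in text)


def parse_set_cookie(header: str) -> Optional[Tuple[str, str]]:
    """Return (name, value) for an acceptable Set-Cookie header, else None.

    Only the leading name=value pair matters for this check; attributes such
    as Path or HttpOnly after the first ';' are ignored here.
    """
    pair = header.split(";", 1)[0]
    if "=" not in pair:
        return None
    name, value = pair.split("=", 1)
    # Trim only SP/HTAB (HTTP optional whitespace). str.strip() with no
    # argument would also eat U+001C..U+001F and mask the very control
    # codes this function exists to catch.
    name, value = name.strip(" \t"), value.strip(" \t")
    if not name:
        return None
    if has_control_bytes(name) or has_control_bytes(value):
        return None  # refuse the cookie instead of storing it
    return name, value


def build_cookie_header(set_cookie_headers: List[str]) -> str:
    """Fold every accepted cookie into one Cookie request-header value."""
    accepted = [c for c in map(parse_set_cookie, set_cookie_headers) if c]
    return "; ".join(f"{name}={value}" for name, value in accepted)


# Constructed sample input: one ordinary cookie, one carrying CR LF in its
# value, one carrying a NUL byte in its name.
SAMPLE_SET_COOKIE = [
    "session=abc123; Path=/; HttpOnly",
    "tracker=bad\r\nvalue; Path=/",
    "na\x00me=1",
]

if __name__ == "__main__":
    print(build_cookie_header(SAMPLE_SET_COOKIE))  # session=abc123
```

Only the first sample survives into the outgoing Cookie header; the other two are dropped rather than stored, which is the point at which the denial of service described above is prevented. Note the deliberate `strip(" \t")`: Python's default `str.strip()` treats U+001C through U+001F as whitespace and would silently remove control codes at the edges of a value, defeating the check.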
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies
- BZ - 2139337 - Fall back automagically to HTTP1.1 from HTTP2.0 when performing auth method
- BZ - 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response
- BZ - 2166254 - curl fails large file downloads for some http2 server
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
curl-7.61.1-30.el8.src.rpm
SHA-256: 186eaaa84e0b2d4aeb0eb3dd70d59a2db1ff32dc95d7b11e968d927085c96bec
x86_64
curl-7.61.1-30.el8.x86_64.rpm
SHA-256: a326040d608dc9caf7558f1163ff04b21dabb23248298fa0eb0a37f02c15f509
curl-debuginfo-7.61.1-30.el8.i686.rpm
SHA-256: ab9196a7663501b32654ae4e4332b8efcdfadcdcb5d0ed9592f0659c50cf8394
curl-debuginfo-7.61.1-30.el8.x86_64.rpm
SHA-256: 8e2087d88b948a2e8750e4ab7fbbbe48f4acc05d234e85a9760bcc198b8cfe4b
curl-debugsource-7.61.1-30.el8.i686.rpm
SHA-256: 66665bcbdeb9dea2f121bcd904383defc05041287b2b4a11879962b128f432fb
curl-debugsource-7.61.1-30.el8.x86_64.rpm
SHA-256: b6090fbf1d698694fa216f9549bf08bb8771f158d30ce7c0ea0b83894de470c8
curl-minimal-debuginfo-7.61.1-30.el8.i686.rpm
SHA-256: c73b99013e6a1d1bbcf46a51e53871f2594562f45fd45f0fac6735fd9ab48074
curl-minimal-debuginfo-7.61.1-30.el8.x86_64.rpm
SHA-256: d3a7aa773f75af595f7a92e0187806b555e429cea052990c92df3401a8bd7db1
libcurl-7.61.1-30.el8.i686.rpm
SHA-256: 3b9c97995f9e206b781d309bb4ca2643d85da1c20cf56f3e53bfdf5414ff853c
libcurl-7.61.1-30.el8.x86_64.rpm
SHA-256: 889fc160071ee26879202f69ef8dbc66e05f49cb5e0b74c574bea26b265c7734
libcurl-debuginfo-7.61.1-30.el8.i686.rpm
SHA-256: b17d4543a9f31626aa49a6a7842d99842bea4b4cffe3f4c0ceee8369af4de994
libcurl-debuginfo-7.61.1-30.el8.x86_64.rpm
SHA-256: 3908c9f5fe45429a0122825c63a846c0ef25603d9deec2d70e2ec6777feaf4d3
libcurl-devel-7.61.1-30.el8.i686.rpm
SHA-256: dae30273ecf255bbb070a6abc8c7186509ba1c08bce45f2dd5bc093c668671bc
libcurl-devel-7.61.1-30.el8.x86_64.rpm
SHA-256: 0f4feadb4c75ee0fefa95cfd9de15966c256557f476888fbecbe88147186c99f
libcurl-minimal-7.61.1-30.el8.i686.rpm
SHA-256: 9e630b85724dae1dfb6fb65f79a5bc34606d5101f837a5b0cdfe7db497067e9b
libcurl-minimal-7.61.1-30.el8.x86_64.rpm
SHA-256: 4277a6d57efeb19181d332c934f813a1c8e77b6c9295bbfc4085631928bb9542
libcurl-minimal-debuginfo-7.61.1-30.el8.i686.rpm
SHA-256: 592eed416bf75e6ae8bc50462f833bec677c13a1feaed816f2f2912842a5a846
libcurl-minimal-debuginfo-7.61.1-30.el8.x86_64.rpm
SHA-256: 7fa3e0db574999e5657fe8ea257500a40059b588b95d0a19cc39c9c83ac37c2b
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
curl-7.61.1-30.el8.src.rpm
SHA-256: 186eaaa84e0b2d4aeb0eb3dd70d59a2db1ff32dc95d7b11e968d927085c96bec
s390x
curl-7.61.1-30.el8.s390x.rpm
SHA-256: 1107a21e1466dd8c9ebfdbbf3732f6c691856e2b2a7008a67e7b97c160880bf6
curl-debuginfo-7.61.1-30.el8.s390x.rpm
SHA-256: 2a070bc3863b7f97099b4f6b1ebeec0304172693d15c36b012538d966441a5f4
curl-debugsource-7.61.1-30.el8.s390x.rpm
SHA-256: 5660c3d053774ebd7c24b9985b5af7efc07a3cbf801f87209e4cf930bb348502
curl-minimal-debuginfo-7.61.1-30.el8.s390x.rpm
SHA-256: bf3c095ad79098c0f354b9019404e0097d3bc0d5311413b4f90bada838ce8e76
libcurl-7.61.1-30.el8.s390x.rpm
SHA-256: abdebe816a9fa19302688b38c528127dc8316ae3a9c2c5e38fc33ee6f72d471b
libcurl-debuginfo-7.61.1-30.el8.s390x.rpm
SHA-256: 96b60d4233bd95561c0cb3de5d424d7057a6c8402d6141698d611dc58d8961fb
libcurl-devel-7.61.1-30.el8.s390x.rpm
SHA-256: a101c1d38950632fd29bc2749047cc720ef63b1bf08913f9e987b1c87655bed9
libcurl-minimal-7.61.1-30.el8.s390x.rpm
SHA-256: f5992289d672bfa271d0d4642bf6cca2876ee1673cc019398d78ba5ac5a46300
libcurl-minimal-debuginfo-7.61.1-30.el8.s390x.rpm
SHA-256: 25fb0afa09ee375fac3e7eb5c8206f7c8873c2355193711300a21412864db61f
Red Hat Enterprise Linux for Power, little endian 8
SRPM
curl-7.61.1-30.el8.src.rpm
SHA-256: 186eaaa84e0b2d4aeb0eb3dd70d59a2db1ff32dc95d7b11e968d927085c96bec
ppc64le
curl-7.61.1-30.el8.ppc64le.rpm
SHA-256: c6aab3a21185aec651c9c70fa22a72563814024bb8f4049a0d05c08f551950fc
curl-debuginfo-7.61.1-30.el8.ppc64le.rpm
SHA-256: 5d0cb4b6f0ae315a37b07a0d3b4e185400fc4ac7901263ae86d76ba1c6c26d92
curl-debugsource-7.61.1-30.el8.ppc64le.rpm
SHA-256: 74725e869bde5ed5f6bf250f160aaa1da57ac0ebaf45743c263e1b99af6dda8a
curl-minimal-debuginfo-7.61.1-30.el8.ppc64le.rpm
SHA-256: d3986050d5b998129382fcd6a8e9020c8ce7453084a42fc75f18be2a413a2214
libcurl-7.61.1-30.el8.ppc64le.rpm
SHA-256: 329c6d72ed2c2c611807653ee7956363e1b6f9d0d44bb325d12857103f99d1f5
libcurl-debuginfo-7.61.1-30.el8.ppc64le.rpm
SHA-256: 2a4a7379372a31f3e23a60b406c3c6b90716dcb9f286ac8dc6aa4bb32041d62a
libcurl-devel-7.61.1-30.el8.ppc64le.rpm
SHA-256: 112f7c407a388a08684e459666e4f26c6ef6634c58352a78cbd8f71e2dc3810d
libcurl-minimal-7.61.1-30.el8.ppc64le.rpm
SHA-256: 23909be696b2b565ecbc4e2f8d36ec6e5dd9b4f0e755843efb8dce78b2d7c16b
libcurl-minimal-debuginfo-7.61.1-30.el8.ppc64le.rpm
SHA-256: effb2bb99414671f8c8b9c1c726b8bc9440e4269959a124c17d6b8c7224b7479
Red Hat Enterprise Linux for ARM 64 8
SRPM
curl-7.61.1-30.el8.src.rpm
SHA-256: 186eaaa84e0b2d4aeb0eb3dd70d59a2db1ff32dc95d7b11e968d927085c96bec
aarch64
curl-7.61.1-30.el8.aarch64.rpm
SHA-256: 58e05684e641d8cf01a3d5b963ff0f1b87d3ff6f24f9c6ed167872de60825fc1
curl-debuginfo-7.61.1-30.el8.aarch64.rpm
SHA-256: e356834254065b5532eff812a8bdddfc68086a2afc2f9d22f88b956c224af605
curl-debugsource-7.61.1-30.el8.aarch64.rpm
SHA-256: 252d4839eff8d9e10925c9e0f7be96ffa77b8713ca173133c0a5ed7bfb89e57c
curl-minimal-debuginfo-7.61.1-30.el8.aarch64.rpm
SHA-256: b55db336e116d3cd00517fc5e2a09c825f1ea07d534a97190fecfc28aadae74a
libcurl-7.61.1-30.el8.aarch64.rpm
SHA-256: ce0a7152290584fe6f6bd26e93c2c1654d4157ec7cd63284fb093944c9c88de1
libcurl-debuginfo-7.61.1-30.el8.aarch64.rpm
SHA-256: 80bd1d6bb7c4c7fd88c619c9d562638fe91b726677af5959f7a81c52b1e841db
libcurl-devel-7.61.1-30.el8.aarch64.rpm
SHA-256: 8fe72b994505eb840d3cac8882064b0619728fadd155178431052d99737ab481
libcurl-minimal-7.61.1-30.el8.aarch64.rpm
SHA-256: 65551ad505ca006b7cddc9e081231f2d5723ed3c63afb8c8e63f72ebea9aca52
libcurl-minimal-debuginfo-7.61.1-30.el8.aarch64.rpm
SHA-256: 0e09f2be35f0d13071b0536178ed1f61cf6214bb9158b9dd9c6bde84c75a8396
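The package lists above publish a SHA-256 digest per file. The following is an added example for this page, not Red Hat tooling: a parser for exactly that plain-text layout (file name on one line, `SHA-256: <hex>` on the next) plus a verifier that compares local downloads against it, so a tampered or truncated package from a mirror or cache is caught before installation. The `MANIFEST_TEXT` excerpt is copied from the x86_64 list above; the files that `demo()` checks are constructed so the example runs without the real packages.

```python
"""Verify downloaded RPMs against the SHA-256 values published in the advisory.

Added example for this page, not Red Hat tooling. The advisory lists each
package file on one line followed by a 'SHA-256: <hex>' line; parse_manifest()
reads that plain-text layout and verify_dir() compares each local file's digest
with it, flagging tampered or truncated downloads before they are installed.
MANIFEST_TEXT is copied from the page; the files used in demo() are constructed.
"""

import hashlib
import os
import re
import tempfile
from typing import Dict

# Two entries copied verbatim from the x86_64 list in the advisory.
MANIFEST_TEXT = """\
curl-7.61.1-30.el8.x86_64.rpm
SHA-256: a326040d608dc9caf7558f1163ff04b21dabb23248298fa0eb0a37f02c15f509
libcurl-7.61.1-30.el8.x86_64.rpm
SHA-256: 889fc160071ee26879202f69ef8dbc66e05f49cb5e0b74c574bea26b265c7734
"""

_SHA_LINE = re.compile(r"^SHA-256:\s*([0-9a-fA-F]{64})$")


def parse_manifest(text: str) -> Dict[str, str]:
    """Map each package file name to its expected lowercase hex digest."""
    expected: Dict[str, str] = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SHA_LINE.match(line)
        if m and pending is not None:
            expected[pending] = m.group(1).lower()
            pending = None
        elif line.endswith(".rpm"):
            pending = line
        # Any other line (section labels such as 'x86_64' or 'SRPM') is skipped.
    return expected


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large RPMs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_dir(directory: str, expected: Dict[str, str]) -> Dict[str, str]:
    """Return {file name: 'ok' | 'MISMATCH' | 'missing'} for every manifest entry."""
    results: Dict[str, str] = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def demo() -> Dict[str, str]:
    """Constructed run: one intact file, one altered after its digest was
    recorded, and one that is listed but was never downloaded."""
    with tempfile.TemporaryDirectory() as d:
        intact = os.path.join(d, "intact-1.0-1.el8.x86_64.rpm")
        altered = os.path.join(d, "altered-1.0-1.el8.x86_64.rpm")
        with open(intact, "wb") as fh:
            fh.write(b"constructed payload A")
        with open(altered, "wb") as fh:
            fh.write(b"constructed payload B")
        manifest = (
            f"intact-1.0-1.el8.x86_64.rpm\nSHA-256: {sha256_file(intact)}\n"
            f"altered-1.0-1.el8.x86_64.rpm\nSHA-256: {sha256_file(altered)}\n"
            f"absent-1.0-1.el8.x86_64.rpm\nSHA-256: {'0' * 64}\n"
        )
        with open(altered, "ab") as fh:
            fh.write(b"!")  # simulate a corrupted or modified download
        return verify_dir(d, parse_manifest(manifest))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Pasting any of the architecture sections above into `parse_manifest()` works unchanged, since the section labels (`SRPM`, `x86_64`, and so on) are skipped. On RHEL the GPG signature check performed by `rpm` and `dnf` remains the primary control; the published digest is an independent cross-check that also catches an incomplete download.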
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.