RHSA-2023:4523: Red Hat Security Advisory: curl security update
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-27536: A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
- CVE-2023-28321: A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: GSS delegation too eager connection re-use (CVE-2023-27536)
- curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2179092 - CVE-2023-27536 curl: GSS delegation too eager connection re-use
- BZ - 2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Certificate Validation
Red Hat Enterprise Linux for x86_64 8
SRPM
curl-7.61.1-30.el8_8.3.src.rpm
Related news
Red Hat Security Advisory 2023-5598-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...
Red Hat OpenShift Service Mesh Containers for 2.4.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35942: A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.
Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.
An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...
Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.
Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.
A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...
Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...
Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.
Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3027: The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created polic...
Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4065: No description is available for this CVE. * CVE-2023-4066: No description is available for this CVE.
Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forw...
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...
Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...
Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
Red Hat Security Advisory 2023-4523-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-07-24-5 - macOS Monterey 12.6.8 addresses code execution, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.
Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10 and Ubuntu 23.04.
Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure or a denial of service.
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could, as a result, accept patterns that should not match. IDN hostnames are converted to punycode before being used for certificate checks. Punycoded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
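As an added illustration of the flaw described above (not curl's own code): a prefix/suffix style wildcard matcher, which accepts `x*` against a punycode label, beside a hardened matcher that honours `*` only as the whole leftmost label and never wildcard-matches an `xn--` label, following the rule the text states. The hostname `xn--bcher-kva.example.com` is a constructed sample.

```c
#include <stdbool.h>
#include <string.h>
#include <strings.h>

/* Shared checks: the wildcard may only sit in the leftmost label, the pattern
 * must keep at least two labels after it ("*.com" is too wide), and the part
 * after the first dot must be equal on both sides (case-insensitively). */
static bool wildcard_tail_ok(const char *pattern, const char *host,
                             const char **pat_dot, const char **host_dot)
{
    *pat_dot = strchr(pattern, '.');
    *host_dot = strchr(host, '.');
    if (!*pat_dot || !*host_dot || *host_dot == host || !strchr(*pat_dot + 1, '.'))
        return false;
    return strcasecmp(*pat_dot, *host_dot) == 0;
}

/* Pre-fix style: the text before and after '*' is compared as a prefix and
 * suffix of the host's leftmost label, so "x*.example.com" accepts the
 * punycode label "xn--bcher-kva" (from "bücher") on its leading "x" alone. */
bool wildcard_match_lenient(const char *pattern, const char *host)
{
    const char *star = strchr(pattern, '*'), *pat_dot, *host_dot;
    if (!star)
        return strcasecmp(pattern, host) == 0;          /* no wildcard: exact */
    if (!wildcard_tail_ok(pattern, host, &pat_dot, &host_dot) || star > pat_dot)
        return false;
    size_t prefix = (size_t)(star - pattern), suffix = (size_t)(pat_dot - star - 1);
    if ((size_t)(host_dot - host) <= prefix + suffix)    /* '*' must eat >= 1 char */
        return false;
    return strncasecmp(pattern, host, prefix) == 0 &&
           strncasecmp(star + 1, host_dot - suffix, suffix) == 0;
}

/* Hardened: '*' must be the whole leftmost label, and a punycode (xn--) host
 * label is never wildcard-matched, as the text above prescribes. */
bool wildcard_match_strict(const char *pattern, const char *host)
{
    const char *pat_dot, *host_dot;
    if (!strchr(pattern, '*'))
        return strcasecmp(pattern, host) == 0;
    if (pattern[0] != '*' || pattern[1] != '.')          /* rejects "x*", "*x" */
        return false;
    if (!wildcard_tail_ok(pattern, host, &pat_dot, &host_dot))
        return false;
    return strncasecmp(host, "xn--", 4) != 0;
}
```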
An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
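The same defect pattern as a connection-pool match, shown as an added model that is not libcurl's code: `struct conn`, the numeric `gss_delegation` encoding and the sample pool are assumptions, and the point is that a pooled connection is only reusable when every option shaping its security context, delegation included, matches the new transfer.

```c
#include <stdbool.h>
#include <string.h>
#include <strings.h>

/* Hypothetical, simplified pool entry (not libcurl's struct); gss_delegation
 * stands in for the CURLOPT_GSSAPI_DELEGATION value the transfer was set up with. */
struct conn {
    const char *scheme, *host, *user;
    int port;
    long gss_delegation;
    bool in_use;
};

/* Pre-fix style match: every identity-related field is compared except the
 * delegation setting, so a connection negotiated with delegation enabled can be
 * handed to a transfer that asked for none (and the other way round). */
static bool conn_matches_lenient(const struct conn *c, const struct conn *want)
{
    return !c->in_use && strcmp(c->scheme, want->scheme) == 0 &&
           strcasecmp(c->host, want->host) == 0 && c->port == want->port &&
           strcmp(c->user, want->user) == 0;
}

/* Hardened match: any option that changes the security context of an
 * authenticated connection must take part in the comparison. */
static bool conn_matches_strict(const struct conn *c, const struct conn *want)
{
    return conn_matches_lenient(c, want) && c->gss_delegation == want->gss_delegation;
}

/* Index of the first reusable pooled connection, or -1 to open a fresh one. */
int find_reusable(const struct conn *pool, size_t n, const struct conn *want, bool strict)
{
    for (size_t i = 0; i < n; i++)
        if (strict ? conn_matches_strict(&pool[i], want)
                   : conn_matches_lenient(&pool[i], want))
            return (int)i;
    return -1;
}
/* Constructed sample: one idle Negotiate connection set up with delegation
 * enabled (1) and a new transfer to the same host and user that wants none (0). */
static const struct conn sample_pool[] = {
    { "https", "app.corp.example", "alice", 443, 1, false },
};
static const struct conn sample_want = { "https", "app.corp.example", "alice", 443, 0, false };

int reuse_index(bool strict)
{
    return find_reusable(sample_pool, 1, &sample_want, strict);
}
```

With the lenient rule the delegating connection is handed out (index 0); with the strict rule the pool reports no match and the transfer opens its own connection.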
Ubuntu Security Notice 5964-1 - Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering.