RHSA-2023:0333: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32221: curl: POST following PUT confusion
Red Hat Security Data

Issued:

2023-01-23

Updated:

2023-01-23

RHSA-2023:0333 - Security Advisory


Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate


Topic

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: POST following PUT confusion (CVE-2022-32221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2135411 - CVE-2022-32221 curl: POST following PUT confusion

Red Hat Enterprise Linux for x86_64 9

SRPM

curl-7.76.1-19.el9_1.1.src.rpm


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-4139-01

Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

RHSA-2023:4139: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32221: A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVE-2023-23512: About the security content of macOS Ventura 13.2

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.

Debian Security Advisory 5330-1

Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

Ubuntu Security Notice USN-5823-1

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Apple Security Advisory 2023-01-23-5

Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2023-01-23-4

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

CVE-2023-0036: en/security-disclosure/2023/2023-01.md · OpenHarmony/security - Gitee.com

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

Red Hat Security Advisory 2022-8840-01

Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-8841-01

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

RHSA-2022:8841: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...

RHSA-2022:8840: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-20...

CVE-2022-32221

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

Ubuntu Security Notice USN-5702-2

Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.

Ubuntu Security Notice USN-5702-1

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.
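The CVE-2022-32221 description above concerns state carried over on a reused handle when a PUT is followed by a POST. The block below is an added example, not code from Red Hat or the curl project: a simplified C model of that state confusion, shown with a corrected transition and with an application-side reset between requests. The struct, its `upload` flag and every function name are hypothetical, and the sticky flag is this model's assumption about how the PUT state persists; only `curl_easy_reset()`, mentioned in a comment, is a real libcurl call.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a reused transfer handle. All names here are
   hypothetical; this is not libcurl source. */
typedef size_t (*read_cb)(char *dst, size_t cap, const void *ctx);

struct handle {
    int upload;             /* left set by an earlier PUT */
    read_cb readfunc;       /* models CURLOPT_READFUNCTION */
    const void *readdata;   /* callback context, may be stale on the next request */
    const char *postfields; /* models CURLOPT_POSTFIELDS */
};

/* Read callback that copies a NUL-terminated string from its context. */
static size_t read_from_string(char *dst, size_t cap, const void *ctx)
{
    size_t n = strlen(ctx);
    if (n > cap) n = cap;
    memcpy(dst, ctx, n);
    return n;
}

static void setup_put(struct handle *h, read_cb cb, const void *ctx)
{
    h->upload = 1; h->readfunc = cb; h->readdata = ctx;
}

/* Flawed transition: stores the POST body but keeps the PUT state. */
static void setup_post_flawed(struct handle *h, const char *body)
{
    h->postfields = body;
}

/* Corrected transition: selecting POST also clears the upload state. */
static void setup_post_fixed(struct handle *h, const char *body)
{
    h->postfields = body; h->upload = 0;
}

/* Application-side defence: wipe per-request state before reuse, the
   role curl_easy_reset() plays for a real handle. */
static void handle_reset(struct handle *h) { *h = (struct handle){0}; }

/* Chooses the request body as the model's sender would; returns its length. */
static size_t request_body(const struct handle *h, char *out, size_t cap)
{
    if (h->upload && h->readfunc)
        return h->readfunc(out, cap, h->readdata);
    return h->postfields ? read_from_string(out, cap, h->postfields) : 0;
}

/* PUT then POST on one handle. mode 0: flawed, 1: fixed, 2: reset + flawed.
   Returns 1 if the POST carried the intended body, 0 if stale PUT data. */
static int post_sends_postfields(int mode)
{
    static const char put_payload[] = "put-only-data"; /* constructed sample */
    const char *post_body = "a=1";                     /* constructed sample */
    struct handle h = {0};
    char wire[64];
    setup_put(&h, read_from_string, put_payload);
    (void)request_body(&h, wire, sizeof wire);         /* the PUT itself */
    if (mode == 2) handle_reset(&h);
    if (mode == 1) setup_post_fixed(&h, post_body);
    else setup_post_flawed(&h, post_body);
    size_t n = request_body(&h, wire, sizeof wire);
    return n == strlen(post_body) && memcmp(wire, post_body, n) == 0;
}
```

In the model the callback context is still valid when the POST runs; in an application that has already freed the PUT buffer, the same stale pointer is what turns the wrong-data case into the memory-safety case the description mentions.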