RHSA-2023:0333: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-32221: curl: POST following PUT confusion
Issued: 2023-01-23
Updated: 2023-01-23
RHSA-2023:0333 - Security Advisory
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: POST following PUT confusion (CVE-2022-32221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2135411 - CVE-2022-32221 curl: POST following PUT confusion
Red Hat Enterprise Linux for x86_64 9
SRPM
curl-7.76.1-19.el9_1.1.src.rpm
x86_64
curl-7.76.1-19.el9_1.1.x86_64.rpm
curl-debuginfo-7.76.1-19.el9_1.1.i686.rpm
curl-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
curl-debugsource-7.76.1-19.el9_1.1.i686.rpm
curl-debugsource-7.76.1-19.el9_1.1.x86_64.rpm
curl-minimal-7.76.1-19.el9_1.1.x86_64.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.i686.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-7.76.1-19.el9_1.1.i686.rpm
libcurl-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.i686.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-devel-7.76.1-19.el9_1.1.i686.rpm
libcurl-devel-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-minimal-7.76.1-19.el9_1.1.i686.rpm
libcurl-minimal-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.i686.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
curl-7.76.1-19.el9_1.1.src.rpm
s390x
curl-7.76.1-19.el9_1.1.s390x.rpm
curl-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
curl-debugsource-7.76.1-19.el9_1.1.s390x.rpm
curl-minimal-7.76.1-19.el9_1.1.s390x.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
libcurl-7.76.1-19.el9_1.1.s390x.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
libcurl-devel-7.76.1-19.el9_1.1.s390x.rpm
libcurl-minimal-7.76.1-19.el9_1.1.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
curl-7.76.1-19.el9_1.1.src.rpm
ppc64le
curl-7.76.1-19.el9_1.1.ppc64le.rpm
curl-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
curl-debugsource-7.76.1-19.el9_1.1.ppc64le.rpm
curl-minimal-7.76.1-19.el9_1.1.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-devel-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-minimal-7.76.1-19.el9_1.1.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
curl-7.76.1-19.el9_1.1.src.rpm
aarch64
curl-7.76.1-19.el9_1.1.aarch64.rpm
curl-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
curl-debugsource-7.76.1-19.el9_1.1.aarch64.rpm
curl-minimal-7.76.1-19.el9_1.1.aarch64.rpm
curl-minimal-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-devel-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-minimal-7.76.1-19.el9_1.1.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9_1.1.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32221: A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback...
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.
Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.
Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-20...
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.
Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.