Headline
RHSA-2023:1842: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: HTTP multi-header compression denial of service (CVE-2023-23916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
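The failure mode behind CVE-2023-23916, seen from the client side, as an added example (not Red Hat's or curl's code): a limit on decompression steps only protects memory if it is counted across every Content-Encoding header line of a response, not per line. The cap of 5 steps, the 1 MiB output ceiling, all function names and the sample headers are assumptions of this example.

```python
import gzip
import zlib

MAX_ENCODING_STEPS = 5        # assumed cap on chained content codings
MAX_DECODED_BYTES = 1 << 20   # assumed output ceiling for each decoding step

# zlib window-bits values: 31 selects the gzip wrapper, 15 the zlib wrapper
WBITS = {"gzip": 31, "x-gzip": 31, "deflate": 15}


class EncodingChainError(ValueError):
    """The response asks for more decoding work than the client allows."""


def encoding_chain(headers):
    """Return every content coding in the order the server applied it.

    `headers` is a list of (name, value) pairs in wire order. Repeated
    Content-Encoding lines are combined as if they were one comma-separated
    list, which is how HTTP defines repeated list-valued headers.
    """
    chain = []
    for name, value in headers:
        if name.strip().lower() != "content-encoding":
            continue
        for token in value.split(","):
            coding = token.strip().lower()
            if coding and coding != "identity":
                chain.append(coding)
    return chain


def per_header_within_limit(headers, limit=MAX_ENCODING_STEPS):
    """Flawed accounting: the step counter restarts on every header line."""
    for name, value in headers:
        if name.strip().lower() == "content-encoding":
            if len([t for t in value.split(",") if t.strip()]) > limit:
                return False
    return True


def chain_within_limit(headers, limit=MAX_ENCODING_STEPS):
    """Correct accounting: one counter for the whole response."""
    return len(encoding_chain(headers)) <= limit


def _bounded_inflate(data, wbits, max_out):
    """Inflate `data`, refusing to produce more than `max_out` bytes."""
    inflater = zlib.decompressobj(wbits)
    try:
        # Ask for one byte more than allowed so an overrun is detectable.
        out = inflater.decompress(data, max_out + 1)
    except zlib.error as exc:
        raise EncodingChainError(f"corrupt stream: {exc}") from exc
    if len(out) > max_out:
        raise EncodingChainError("decoded size exceeds limit")
    return out


def decode_body(headers, body):
    """Decode `body`, enforcing the step cap over all headers combined."""
    chain = encoding_chain(headers)
    if len(chain) > MAX_ENCODING_STEPS:
        raise EncodingChainError(
            f"{len(chain)} content codings, limit is {MAX_ENCODING_STEPS}")
    # Codings are listed in the order applied, so undo them last-first.
    for coding in reversed(chain):
        if coding not in WBITS:
            raise EncodingChainError(f"unsupported coding: {coding}")
        body = _bounded_inflate(body, WBITS[coding], MAX_DECODED_BYTES)
    return body


if __name__ == "__main__":
    # Constructed sample: two codings spread over two header lines.
    ok = [("Content-Type", "text/plain"),
          ("Content-Encoding", "gzip"),
          ("Content-Encoding", "gzip")]
    print(decode_body(ok, gzip.compress(gzip.compress(b"hello"))))

    # Constructed sample: each line stays under the cap, the total does not.
    many = [("Content-Encoding", "gzip, gzip, gzip")] * 3
    print("per-header check passes:", per_header_within_limit(many))
    print("cumulative check passes:", chain_within_limit(many))
```

The per-step output ceiling is a second, independent bound: it limits memory even when the chain length is within the cap.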
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
x86_64
curl-7.61.1-22.el8_6.6.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.6.i686.rpm
curl-debugsource-7.61.1-22.el8_6.6.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-7.61.1-22.el8_6.6.i686.rpm
libcurl-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.6.i686.rpm
libcurl-devel-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
x86_64
curl-7.61.1-22.el8_6.6.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.6.i686.rpm
curl-debugsource-7.61.1-22.el8_6.6.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-7.61.1-22.el8_6.6.i686.rpm
libcurl-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.6.i686.rpm
libcurl-devel-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
s390x
curl-7.61.1-22.el8_6.6.s390x.rpm
curl-debuginfo-7.61.1-22.el8_6.6.s390x.rpm
curl-debugsource-7.61.1-22.el8_6.6.s390x.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.s390x.rpm
libcurl-7.61.1-22.el8_6.6.s390x.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.s390x.rpm
libcurl-devel-7.61.1-22.el8_6.6.s390x.rpm
libcurl-minimal-7.61.1-22.el8_6.6.s390x.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
ppc64le
curl-7.61.1-22.el8_6.6.ppc64le.rpm
curl-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
curl-debugsource-7.61.1-22.el8_6.6.ppc64le.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-devel-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-minimal-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
x86_64
curl-7.61.1-22.el8_6.6.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.6.i686.rpm
curl-debugsource-7.61.1-22.el8_6.6.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-7.61.1-22.el8_6.6.i686.rpm
libcurl-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.6.i686.rpm
libcurl-devel-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
aarch64
curl-7.61.1-22.el8_6.6.aarch64.rpm
curl-debuginfo-7.61.1-22.el8_6.6.aarch64.rpm
curl-debugsource-7.61.1-22.el8_6.6.aarch64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.aarch64.rpm
libcurl-7.61.1-22.el8_6.6.aarch64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.aarch64.rpm
libcurl-devel-7.61.1-22.el8_6.6.aarch64.rpm
libcurl-minimal-7.61.1-22.el8_6.6.aarch64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
ppc64le
curl-7.61.1-22.el8_6.6.ppc64le.rpm
curl-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
curl-debugsource-7.61.1-22.el8_6.6.ppc64le.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-devel-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-minimal-7.61.1-22.el8_6.6.ppc64le.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
curl-7.61.1-22.el8_6.6.src.rpm
x86_64
curl-7.61.1-22.el8_6.6.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.6.i686.rpm
curl-debugsource-7.61.1-22.el8_6.6.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-7.61.1-22.el8_6.6.i686.rpm
libcurl-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.6.i686.rpm
libcurl-devel-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.6.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.6.x86_64.rpm
Related news
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32221: A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback...
Red Hat Security Advisory 2023-3460-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...
Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2023-1888-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service and server-side request forgery vulnerabilities.
Red Hat Advanced Cluster Management for Kubernetes 2.7.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...
Red Hat Security Advisory 2023-1842-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23916: A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.
Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1310-01 - An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate.
An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large...
An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41354: An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant ...
Red Hat OpenShift Service Mesh Containers for 2.3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server t...
The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
- CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability that local attackers can exploit to cause a DoS attack on the system when installing a malicious HAP package.
Red Hat Security Advisory 2023-1140-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.