RHSA-2022:8299: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27775: curl: bad local IPv6 connection reuse
Red Hat Security Data

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:8299 - Security Advisory

Synopsis

Low: curl security update

Type/Severity

Security Advisory: Low

Topic

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: bad local IPv6 connection reuse (CVE-2022-27775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2078388 - CVE-2022-27775 curl: bad local IPv6 connection reuse

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

  • curl-7.76.1-19.el9.src.rpm

x86_64

  • curl-7.76.1-19.el9.x86_64.rpm
  • curl-debuginfo-7.76.1-19.el9.i686.rpm
  • curl-debuginfo-7.76.1-19.el9.x86_64.rpm
  • curl-debugsource-7.76.1-19.el9.i686.rpm
  • curl-debugsource-7.76.1-19.el9.x86_64.rpm
  • curl-minimal-7.76.1-19.el9.x86_64.rpm
  • curl-minimal-debuginfo-7.76.1-19.el9.i686.rpm
  • curl-minimal-debuginfo-7.76.1-19.el9.x86_64.rpm
  • libcurl-7.76.1-19.el9.i686.rpm
  • libcurl-7.76.1-19.el9.x86_64.rpm
  • libcurl-debuginfo-7.76.1-19.el9.i686.rpm
  • libcurl-debuginfo-7.76.1-19.el9.x86_64.rpm
  • libcurl-devel-7.76.1-19.el9.i686.rpm
  • libcurl-devel-7.76.1-19.el9.x86_64.rpm
  • libcurl-minimal-7.76.1-19.el9.i686.rpm
  • libcurl-minimal-7.76.1-19.el9.x86_64.rpm
  • libcurl-minimal-debuginfo-7.76.1-19.el9.i686.rpm
  • libcurl-minimal-debuginfo-7.76.1-19.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • curl-7.76.1-19.el9.src.rpm

s390x

  • curl-7.76.1-19.el9.s390x.rpm
  • curl-debuginfo-7.76.1-19.el9.s390x.rpm
  • curl-debugsource-7.76.1-19.el9.s390x.rpm
  • curl-minimal-7.76.1-19.el9.s390x.rpm
  • curl-minimal-debuginfo-7.76.1-19.el9.s390x.rpm
  • libcurl-7.76.1-19.el9.s390x.rpm
  • libcurl-debuginfo-7.76.1-19.el9.s390x.rpm
  • libcurl-devel-7.76.1-19.el9.s390x.rpm
  • libcurl-minimal-7.76.1-19.el9.s390x.rpm
  • libcurl-minimal-debuginfo-7.76.1-19.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • curl-7.76.1-19.el9.src.rpm

ppc64le

  • curl-7.76.1-19.el9.ppc64le.rpm
  • curl-debuginfo-7.76.1-19.el9.ppc64le.rpm
  • curl-debugsource-7.76.1-19.el9.ppc64le.rpm
  • curl-minimal-7.76.1-19.el9.ppc64le.rpm
  • curl-minimal-debuginfo-7.76.1-19.el9.ppc64le.rpm
  • libcurl-7.76.1-19.el9.ppc64le.rpm
  • libcurl-debuginfo-7.76.1-19.el9.ppc64le.rpm
  • libcurl-devel-7.76.1-19.el9.ppc64le.rpm
  • libcurl-minimal-7.76.1-19.el9.ppc64le.rpm
  • libcurl-minimal-debuginfo-7.76.1-19.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • curl-7.76.1-19.el9.src.rpm

aarch64

  • curl-7.76.1-19.el9.aarch64.rpm
  • curl-debuginfo-7.76.1-19.el9.aarch64.rpm
  • curl-debugsource-7.76.1-19.el9.aarch64.rpm
  • curl-minimal-7.76.1-19.el9.aarch64.rpm
  • curl-minimal-debuginfo-7.76.1-19.el9.aarch64.rpm
  • libcurl-7.76.1-19.el9.aarch64.rpm
  • libcurl-debuginfo-7.76.1-19.el9.aarch64.rpm
  • libcurl-devel-7.76.1-19.el9.aarch64.rpm
  • libcurl-minimal-7.76.1-19.el9.aarch64.rpm
  • libcurl-minimal-debuginfo-7.76.1-19.el9.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

CVE-2022-27775

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when an IPv6 address that was in the connection pool is used again with a different zone id, curl could reuse the existing connection instead.
