RHSA-2022:8299: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-27775: curl: bad local IPv6 connection reuse
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8299 - Security Advisory
Synopsis
Low: curl security update
Type/Severity
Security Advisory: Low
Topic
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: bad local IPv6 connection reuse (CVE-2022-27775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
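A simplified model of the flaw behind CVE-2022-27775, added here as an illustration and not taken from curl or from this advisory: a connection pool whose lookup leaves out the IPv6 zone id hands back a connection that was made through a different interface. The pool, `pool_add`, `pool_find` and the sample hosts are hypothetical, and addresses are compared as text for brevity.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a connection pool. Not curl's code; all names are hypothetical. */
struct conn { char addr[64]; char zone[32]; int port; };
static struct conn pool[8];
static int pool_len;

/* Split a host literal such as "fe80::1%eth0" into address and zone id. */
static void split_zone(const char *host, struct conn *out)
{
    const char *pct = strchr(host, '%');
    size_t n = pct ? (size_t)(pct - host) : strlen(host);
    snprintf(out->addr, sizeof out->addr, "%.*s", (int)n, host);
    snprintf(out->zone, sizeof out->zone, "%s", pct ? pct + 1 : "");
}

/* Store a connection in the pool; returns its slot, or -1 if the pool is full. */
int pool_add(const char *host, int port)
{
    if (pool_len == (int)(sizeof pool / sizeof pool[0]))
        return -1;
    split_zone(host, &pool[pool_len]);
    pool[pool_len].port = port;
    return pool_len++;
}

/* Look for a reusable connection. With match_zone == 0 the zone id is left
   out of the comparison (the flawed behaviour); with 1 it must match too. */
int pool_find(const char *host, int port, int match_zone)
{
    struct conn want;
    split_zone(host, &want);
    for (int i = 0; i < pool_len; i++) {
        int same = pool[i].port == port && strcmp(pool[i].addr, want.addr) == 0;
        if (same && (!match_zone || strcmp(pool[i].zone, want.zone) == 0))
            return i;
    }
    return -1;
}

int main(void)
{
    pool_add("fe80::1%eth0", 443);              /* constructed sample hosts */
    printf("zone ignored:  slot %d\n", pool_find("fe80::1%eth1", 443, 0));
    printf("zone compared: slot %d\n", pool_find("fe80::1%eth1", 443, 1));
    return 0;
}
```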
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2078388 - CVE-2022-27775 curl: bad local IPv6 connection reuse
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
curl-7.76.1-19.el9.src.rpm
x86_64
curl-7.76.1-19.el9.x86_64.rpm
curl-debuginfo-7.76.1-19.el9.i686.rpm
curl-debuginfo-7.76.1-19.el9.x86_64.rpm
curl-debugsource-7.76.1-19.el9.i686.rpm
curl-debugsource-7.76.1-19.el9.x86_64.rpm
curl-minimal-7.76.1-19.el9.x86_64.rpm
curl-minimal-debuginfo-7.76.1-19.el9.i686.rpm
curl-minimal-debuginfo-7.76.1-19.el9.x86_64.rpm
libcurl-7.76.1-19.el9.i686.rpm
libcurl-7.76.1-19.el9.x86_64.rpm
libcurl-debuginfo-7.76.1-19.el9.i686.rpm
libcurl-debuginfo-7.76.1-19.el9.x86_64.rpm
libcurl-devel-7.76.1-19.el9.i686.rpm
libcurl-devel-7.76.1-19.el9.x86_64.rpm
libcurl-minimal-7.76.1-19.el9.i686.rpm
libcurl-minimal-7.76.1-19.el9.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9.i686.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
curl-7.76.1-19.el9.src.rpm
s390x
curl-7.76.1-19.el9.s390x.rpm
curl-debuginfo-7.76.1-19.el9.s390x.rpm
curl-debugsource-7.76.1-19.el9.s390x.rpm
curl-minimal-7.76.1-19.el9.s390x.rpm
curl-minimal-debuginfo-7.76.1-19.el9.s390x.rpm
libcurl-7.76.1-19.el9.s390x.rpm
libcurl-debuginfo-7.76.1-19.el9.s390x.rpm
libcurl-devel-7.76.1-19.el9.s390x.rpm
libcurl-minimal-7.76.1-19.el9.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
curl-7.76.1-19.el9.src.rpm
ppc64le
curl-7.76.1-19.el9.ppc64le.rpm
curl-debuginfo-7.76.1-19.el9.ppc64le.rpm
curl-debugsource-7.76.1-19.el9.ppc64le.rpm
curl-minimal-7.76.1-19.el9.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-19.el9.ppc64le.rpm
libcurl-7.76.1-19.el9.ppc64le.rpm
libcurl-debuginfo-7.76.1-19.el9.ppc64le.rpm
libcurl-devel-7.76.1-19.el9.ppc64le.rpm
libcurl-minimal-7.76.1-19.el9.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
curl-7.76.1-19.el9.src.rpm
aarch64
curl-7.76.1-19.el9.aarch64.rpm
curl-debuginfo-7.76.1-19.el9.aarch64.rpm
curl-debugsource-7.76.1-19.el9.aarch64.rpm
curl-minimal-7.76.1-19.el9.aarch64.rpm
curl-minimal-debuginfo-7.76.1-19.el9.aarch64.rpm
libcurl-7.76.1-19.el9.aarch64.rpm
libcurl-debuginfo-7.76.1-19.el9.aarch64.rpm
libcurl-devel-7.76.1-19.el9.aarch64.rpm
libcurl-minimal-7.76.1-19.el9.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-19.el9.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to code execution.
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside the TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.