Headline
RHSA-2022:6159: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-32206: curl: HTTP compression denial of service
- CVE-2022-32208: curl: FTP-KRB bad message verification
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: HTTP compression denial of service (CVE-2022-32206)
- curl: FTP-KRB bad message verification (CVE-2022-32208)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2099300 - CVE-2022-32206 curl: HTTP compression denial of service
- BZ - 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
Red Hat Enterprise Linux for x86_64 8
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
x86_64
curl-7.61.1-22.el8_6.4.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.4.i686.rpm
curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-7.61.1-22.el8_6.4.i686.rpm
libcurl-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.4.i686.rpm
libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
s390x
curl-7.61.1-22.el8_6.4.s390x.rpm
curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm
curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm
libcurl-7.61.1-22.el8_6.4.s390x.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm
libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm
libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
ppc64le
curl-7.61.1-22.el8_6.4.ppc64le.rpm
curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
x86_64
curl-7.61.1-22.el8_6.4.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.4.i686.rpm
curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-7.61.1-22.el8_6.4.i686.rpm
libcurl-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.4.i686.rpm
libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 8
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
aarch64
curl-7.61.1-22.el8_6.4.aarch64.rpm
curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm
curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm
libcurl-7.61.1-22.el8_6.4.aarch64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm
libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm
libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
ppc64le
curl-7.61.1-22.el8_6.4.ppc64le.rpm
curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
curl-7.61.1-22.el8_6.4.src.rpm
x86_64
curl-7.61.1-22.el8_6.4.x86_64.rpm
curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm
curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
curl-debugsource-7.61.1-22.el8_6.4.i686.rpm
curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm
curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-7.61.1-22.el8_6.4.i686.rpm
libcurl-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm
libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.4.i686.rpm
libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm
libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
Related news
An update for curl is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert ...
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2
Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-6182-01 - Openshift Logging Bug Fix Release. Issues addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.
Multicluster Engine v2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzi...
Gatekeeper Operator v0.2 security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: gol...
Openshift Logging Bug Fix Release (5.3.11). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...
Red Hat Security Advisory 2022-6157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32206: curl: HTTP compression denial of service * CVE-2022-32207: curl: Unpreserved file permissions * CVE-2022-32208: curl: FTP-KRB bad message verification
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Ubuntu Security Notice 5499-1 - Florian Kohnhäuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack.
Ubuntu Security Notice 5495-1 - Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. Harry Sintonen discovered that curl incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS.