ALSA-2021:4511

[ALSA-2021:4511] Moderate: curl security and bug fix update

Type:

security

Severity:

moderate

Release date:

2021-11-09

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

* curl: TELNET stack contents disclosure (CVE-2021-22898)

* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	curl-7.61.1-22.el8.aarch64.rpm	0da43b947ebf486d2679687e3b96b0c729be329a6074bdf42e5a6608d5c491ef
aarch64	libcurl-7.61.1-22.el8.aarch64.rpm	24d6e810fc26c104d46c21624cbb1d78d78dab65612fe92c114e43017eac833c
aarch64	libcurl-minimal-7.61.1-22.el8.aarch64.rpm	a83d7c46c6b6ec53b34ad61f31c1f3a0510cf2f1d5892f3d4d1a4b429dafdd6b
aarch64	libcurl-devel-7.61.1-22.el8.aarch64.rpm	ea27c65e5e6ae7f8ad07cf201826770b9142d174944b094119c046ebef3c3b5e
ppc64le	libcurl-devel-7.61.1-22.el8.ppc64le.rpm	01677c5678953c593429c995d7c5c86792492f1130d599f73a56551e4c7cd907
ppc64le	libcurl-7.61.1-22.el8.ppc64le.rpm	44376d8fcd13d32b7e5ab0ab460a95e5c6a1858130eb810fa2070a5d6b8d992a
ppc64le	curl-7.61.1-22.el8.ppc64le.rpm	5577237da1d7e7433bcf60137746fabd3826bee5e244a12e55aa75c669265bce
ppc64le	libcurl-minimal-7.61.1-22.el8.ppc64le.rpm	f81d6741d5e9ddb1a506312c5d7f55821091046afc2e42a5dfb53057855a1ae6
x86_64	libcurl-minimal-7.61.1-22.el8.x86_64.rpm	11752ab6bd172e9d75092ccdd955c0368b9e56d08db411e602102f6bf861bc03
x86_64	libcurl-minimal-7.61.1-22.el8.x86_64.rpm	11752ab6bd172e9d75092ccdd955c0368b9e56d08db411e602102f6bf861bc03
x86_64	libcurl-7.61.1-22.el8.x86_64.rpm	5583b14d7514f0902a365721af91b76306e8d45a52ee05576f5a0d8b6977b662
x86_64	libcurl-7.61.1-22.el8.x86_64.rpm	5583b14d7514f0902a365721af91b76306e8d45a52ee05576f5a0d8b6977b662
x86_64	libcurl-devel-7.61.1-22.el8.x86_64.rpm	7f649ec9feff74c0430287a93a5c32cd139d5f53c599d57bd06717175f3d0af1
x86_64	libcurl-devel-7.61.1-22.el8.x86_64.rpm	7f649ec9feff74c0430287a93a5c32cd139d5f53c599d57bd06717175f3d0af1
x86_64	curl-7.61.1-22.el8.x86_64.rpm	990faf9d9c466bfb759e498c1ea7b66fcaeca77d463a3c0d7c9bc6f48f469658

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.