[ALSA-2022:5313] Moderate: curl security update
Type:
security
Severity:
moderate
Release date:
2022-07-25
Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) * curl: credential leak on redirect (CVE-2022-27774) * curl: auth/cookie leak on redirect (CVE-2022-27776) * curl: TLS and SSH connection too eager reuse (CVE-2022-27782) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 curl-7.61.1-22.el8_6.3.aarch64.rpm b99917ca74325e9f36d540906621d98da28c8174f6224caaeac65bb6dbe52493
aarch64 libcurl-7.61.1-22.el8_6.3.aarch64.rpm e3c8f80e702b0c0bdb9ab460008f6b702dd100f389eca734b832432763242d29
aarch64 libcurl-devel-7.61.1-22.el8_6.3.aarch64.rpm f07127a9aba8e71f4e015e0bbc1f511efcc6d7d830b8f8ea80bc1336a49f1bed
aarch64 libcurl-minimal-7.61.1-22.el8_6.3.aarch64.rpm fbd024cc955f816e0edd333b07d23ba5eea455b59fc85543e03787c6f5e7ce59
i686 libcurl-7.61.1-22.el8_6.3.i686.rpm 2ec577878137f04f7f9b4748bce6cde3894c431bd9e6b0854f53e19cf47f2ec0
i686 libcurl-minimal-7.61.1-22.el8_6.3.i686.rpm 7a69539bcce5f23e19e637400115c080d2903482fac0eeb58e90651e1cf9327d
i686 libcurl-devel-7.61.1-22.el8_6.3.i686.rpm ec616ec44b4ea308b612c72eb2e39239e9610cec143c88bcf1bf72027d997598
ppc64le libcurl-minimal-7.61.1-22.el8_6.3.ppc64le.rpm 137e6fe7998ae7326d88beaaedb3d3fdb4550e8398aab6ebf6bcc273b861af17
ppc64le libcurl-devel-7.61.1-22.el8_6.3.ppc64le.rpm 1ac8fa83ab2c2a24f5a0e91c319dd34919b27c393ccd713a6e5eb4d65f901ec8
ppc64le curl-7.61.1-22.el8_6.3.ppc64le.rpm 7c8c33e8ef2fff76fdbad76b8cf33dd4a2141eb5ea712629a82140829be87946
ppc64le libcurl-7.61.1-22.el8_6.3.ppc64le.rpm 88a6cf7d41c57bb8151d4feee1a9a87f51cb237b157004dafba52198599042b6
x86_64 curl-7.61.1-22.el8_6.3.x86_64.rpm 8ec25b3b5302e7a6f8ccd8d1dddcbace7619dc5d6c90ec8798f58c77e745433c
x86_64 libcurl-7.61.1-22.el8_6.3.x86_64.rpm bd648b796d5b4ee60a5938a3441327481c89bfe108abe34848c3e092e3d9c5ab
x86_64 libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpm c9120f5ba86224d970732d8bd63db50261332103f8e10a5e8499dc1c69db7407
x86_64 libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpm d0aa45bc21c7146a07becf148ea54dd3b78caf7d42a0c677ae145e12f4cfbbff
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.