ALSA-2023:2963

[ALSA-2023:2963] Low: curl security and bug fix update

Type:

security

Severity:

low

Release date:

2023-05-19

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)
* curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libcurl-7.61.1-30.el8.aarch64.rpm	1051839fdfbcb46efa9d72476bbf90b01d17d2b0a6ed98ed6038752e4207c0f0
aarch64	curl-7.61.1-30.el8.aarch64.rpm	673f78d18ded4e7b49a367221a4f17271a8e1af5437954634a82a4a42fa579bb
aarch64	libcurl-minimal-7.61.1-30.el8.aarch64.rpm	9b2b127bc563e2f3aebd0003996ab1724ffd93b9204b3f7ca0a8b40f0c986afc
aarch64	libcurl-devel-7.61.1-30.el8.aarch64.rpm	b2b00e96146ef9aa2edd1ad52254aee240551502749bbf8505ec1c030edbe3d2
i686	libcurl-7.61.1-30.el8.i686.rpm	51c1917948eba156680df38cac2ba4451e530a9b36bb7ef881da845cc894335d
i686	libcurl-devel-7.61.1-30.el8.i686.rpm	807ca176defe2641257623d799c5de6a06e7160583bc716d09a1f82cc35e708b
i686	libcurl-minimal-7.61.1-30.el8.i686.rpm	9769cfaea17c653f41326e51fc77a58313fc619cb457fe86032fdfbe27d6ab01
ppc64le	libcurl-minimal-7.61.1-30.el8.ppc64le.rpm	0d847b37bd292f16a99d306713447fddf48ed12b15f3c2ffde0fc8a35e3e2253
ppc64le	libcurl-7.61.1-30.el8.ppc64le.rpm	816705e1c7b8b936d85b65afe5f453d2d147e1a727d78c1bfac3f5fff36efcaa
ppc64le	libcurl-devel-7.61.1-30.el8.ppc64le.rpm	a778d930895996bd16c6fa287c8049fe6099b699a4c7e0523527f734ac9eae2d
ppc64le	curl-7.61.1-30.el8.ppc64le.rpm	b5616b4b179034188890ca3f07ad1cc2bd9259ce203f53c695c4aaf7bc0bd276
s390x	libcurl-7.61.1-30.el8.s390x.rpm	2e63193e7ebfce0c309311bd7eebacb05cb49ee73e39884a48bc5322ce4d446a
s390x	curl-7.61.1-30.el8.s390x.rpm	6951667c7d033b6183467e07f6e7d9560ea26acdb125587bd7ef5205d26c7cad
s390x	libcurl-minimal-7.61.1-30.el8.s390x.rpm	b516027bb4f5e75c937db6830f487cb55ae88d51528b5232c5edb576054e8553
s390x	libcurl-devel-7.61.1-30.el8.s390x.rpm	b5ede3fd71df47e509b20bca74fe19cad8e1455289fdb61c00ba8cc0b082a1ed
x86_64	libcurl-7.61.1-30.el8.x86_64.rpm	0ca66af2e77a7dae7f3886f025c496f610401d2e9e2c0a432b71e24230fe7f67
x86_64	libcurl-minimal-7.61.1-30.el8.x86_64.rpm	62606eac0b1d22377dfc44549d0a0a4300427a40e60ea2abc0327323274bdd81
x86_64	libcurl-devel-7.61.1-30.el8.x86_64.rpm	7ec216b1b3aaf10f4f7d57839510844ce9bdb31ac62cd13b115823dbcdb4562e
x86_64	curl-7.61.1-30.el8.x86_64.rpm	f6fe5f0811d4f93a83fa2c50297dcb69599c053402ec4d9eaf83df4cf36e6040

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.