ALSA-2023:4523

[ALSA-2023:4523] Moderate: curl security update

Type:

security

Severity:

moderate

Release date:

2023-08-09

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: GSS delegation too eager connection re-use (CVE-2023-27536)
* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	curl-7.61.1-30.el8_8.3.aarch64.rpm	091e74642082ffa071492342ad5be4a5cfbe7ab62c03d0bbf9694802306d3edc
aarch64	libcurl-7.61.1-30.el8_8.3.aarch64.rpm	201f31601f3c22e18fd1168414efd465f613a92994b033a5b722639a6dbde13d
aarch64	libcurl-devel-7.61.1-30.el8_8.3.aarch64.rpm	6fbba3b937a300f2e74e752354e3f3d86e736e47ef22ce3201b0eb9369508b18
aarch64	libcurl-minimal-7.61.1-30.el8_8.3.aarch64.rpm	9c9f4fa511ed179b28bb72571d76a4acbf261f13736289d9a66fc07a4f39865e
i686	libcurl-7.61.1-30.el8_8.3.i686.rpm	6441c29f70e6c9b86fdaed062218532ebd6a9a0e788825061aa2fe6f2039eb78
i686	libcurl-devel-7.61.1-30.el8_8.3.i686.rpm	a7a2b743fe8cc1662a346bbf04e9b3a55b2d2eeb12e0a17be49a68aeee3615d5
i686	libcurl-minimal-7.61.1-30.el8_8.3.i686.rpm	f5877d4759f7e060451bcedeedfd161129f5d8826eed2034a6932729ef75e226
ppc64le	libcurl-minimal-7.61.1-30.el8_8.3.ppc64le.rpm	0a788895c6883c01e8fa19cd9c826e1fec77bc98ba0529087a28e0d1a157eb09
ppc64le	curl-7.61.1-30.el8_8.3.ppc64le.rpm	a393fb85a1883ee276d6970c4b3971d5de9d93b42dda956e0bbe30a7be917185
ppc64le	libcurl-7.61.1-30.el8_8.3.ppc64le.rpm	c2c0f83d0280c3bb51c18f842c1e72bb91b58c943e0b9f16799e65363a202582
ppc64le	libcurl-devel-7.61.1-30.el8_8.3.ppc64le.rpm	d4c41cf1ada68fbf9c2c52888cafb64752f76560fd7638dabd63e92ac5641e26
s390x	libcurl-minimal-7.61.1-30.el8_8.3.s390x.rpm	177a01fb3848e1f5487a482f01d99e5a7ddb5fcdc5acc723a542394a16a74cda
s390x	curl-7.61.1-30.el8_8.3.s390x.rpm	29fae09ff2d1cda3fd4d5e28fd34b50cc3a72bde21baaeaf7c69749501d4577a
s390x	libcurl-7.61.1-30.el8_8.3.s390x.rpm	60085bb93333654624ba1876a9c379f430c2b897061952eea30b2dea08dbf16b
s390x	libcurl-devel-7.61.1-30.el8_8.3.s390x.rpm	d8685d01f67ba24fb79a7befa8182b572f76aeafc4416060f84d62fcd7a2f4b8
x86_64	libcurl-minimal-7.61.1-30.el8_8.3.x86_64.rpm	166b384b639c099c3b58fbbdf9e1f0a26b6ac673c36b892d518c023754c58975
x86_64	curl-7.61.1-30.el8_8.3.x86_64.rpm	1f10d0900fb7352f5c5b0a6d7ba36aabefcad9bbb8bca2b2ab888146a050db3e
x86_64	libcurl-7.61.1-30.el8_8.3.x86_64.rpm	3a60074fb47496538eaec968861e860419f3c04b42575389284fd1eaab063f80
x86_64	libcurl-devel-7.61.1-30.el8_8.3.x86_64.rpm	6f21e8c5f6066546b861aab54134745854adbd88511107e6db98d614b927bc9b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.