[ALSA-2024:1601] Moderate: curl security and bug fix update
Type: security
Severity: moderate
Release date: 2024-04-02
Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
* curl: cookie injection with none file (CVE-2023-38546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* libssh (curl sftp) not trying password auth (BZ#2240033)
* libssh: cap SFTP packet size sent (AlmaLinux-5485)
Updated packages listed below:
Architecture Package Checksum
aarch64 libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm 07e3e9431dea40a93e259170fb1eb3648661d00b587771d12e4414b61edc0b7f
aarch64 curl-7.61.1-33.el8_9.5.aarch64.rpm 4910e3f9e055529ff321690fdc323fceeb02facc7ecf7cd5e286cba58c89a968
aarch64 libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm 4d168a523af9f8966a466c93e5407176e0447d3543b1ebcdbac24e598a788aee
aarch64 libcurl-7.61.1-33.el8_9.5.aarch64.rpm 670877c9156cc70220e149ca0a9f2af714c00ef488e0a56b137854953ef48635
i686 libcurl-7.61.1-33.el8_9.5.i686.rpm 401bbde1cf996408798f8588daf3133bf798b57c903550eb13e21753493d28c0
i686 libcurl-devel-7.61.1-33.el8_9.5.i686.rpm 9275ce5a17a0fed0e569d5ad4fdc904a1c322570c6db5ce853291d418f261edf
i686 libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm b5c40afc05463f68a2f100f2e2c1060a7b48605729ff7b52f1fa4cd23dff42eb
ppc64le libcurl-7.61.1-33.el8_9.5.ppc64le.rpm 372b0f06ad2ed6530c8a49e37e70a66d42c18747fc8bcaf4eadda9f96694fb68
ppc64le libcurl-minimal-7.61.1-33.el8_9.5.ppc64le.rpm 68213e7fd4de764010f423f788be811620525d8bb52937b923e57d076ffa6a6c
ppc64le curl-7.61.1-33.el8_9.5.ppc64le.rpm ba6be0bb036b75c947c432695c3efe40ca517c8e2d2dab3866175fe2fbc81525
ppc64le libcurl-devel-7.61.1-33.el8_9.5.ppc64le.rpm e312b4480b2684f1b01be1dd7a47b1cb2d795758c0ab315896d372297d928d20
s390x curl-7.61.1-33.el8_9.5.s390x.rpm 3ccee1acccee7c90999cab07a6ba093791cb05de5305381f779ec27191601f9d
s390x libcurl-7.61.1-33.el8_9.5.s390x.rpm 882281526c2cd42866d1f7fdf13191918a59504fc8cdb6ba2ec230d7f49e2cb5
s390x libcurl-minimal-7.61.1-33.el8_9.5.s390x.rpm 903412fc95ee2acc9deb4a61e5e7ae9fcf46e210d172baad7696ba6ba8209e6a
s390x libcurl-devel-7.61.1-33.el8_9.5.s390x.rpm 9c3f4a8be5d170a105c0cd5f747b318707d02cde7d8a5daca44eb9331cc11021
x86_64 libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm 85bca9fe04ad755d9a867849d2dfe380207818e0aabaf755dd109845979cf069
x86_64 curl-7.61.1-33.el8_9.5.x86_64.rpm 8dab56117167eb9e310b9e4f84b0bfb2d588a5a1c4b8c3ef72ba82fa342c3c56
x86_64 libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm 97b7c16845c4e2e10cbc879a9190b5fa7e6631575d152b64af661237ce763774
x86_64 libcurl-7.61.1-33.el8_9.5.x86_64.rpm f22b14c9f87fa3c8a30e67ceb919269b5f13127e951c59b6f5287489b8eb71ec
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.