ALSA-2023:2478

[ALSA-2023:2478] Low: curl security update

Type:

security

Severity:

low

Release date:

2023-05-12

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)
* curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libcurl-devel-7.76.1-23.el9.aarch64.rpm	3416cf64b885765ddb9ffa828979a5d2e6941c96f21f59d7eec9705f47a482c3
aarch64	curl-7.76.1-23.el9.aarch64.rpm	64b1530492d7eb509bf4dfa8ce908b344ac55cf8a5078aec1545f9bb76403d4c
aarch64	libcurl-7.76.1-23.el9.aarch64.rpm	c3a03e7cacd7e6a8ad0998c33fb53f6f4ce7d7ea50ce48f85e08541fe3068ca8
aarch64	libcurl-minimal-7.76.1-23.el9.aarch64.rpm	de1bd3f3e65bb66013c357431b1238f7e7aad60c175347e9842453b00be8c79d
aarch64	curl-minimal-7.76.1-23.el9.aarch64.rpm	eb8d67af6c7f1acca28b3e035bdd28e58280b6f2dafff072596d63ca983ab5ae
i686	libcurl-7.76.1-23.el9.i686.rpm	13ae11f2747287adf73507995209c6d5cc013f05211af88c97f3a4917bbde881
i686	libcurl-devel-7.76.1-23.el9.i686.rpm	660818f2e31e18baa7b267885e21d2823242f516cc34c9cc6a5d163e22b4d11c
i686	libcurl-minimal-7.76.1-23.el9.i686.rpm	855fbf53ccab397188f46a904e4886801b81f8a0788c9e3dbb4f0cdceca5da4e
ppc64le	libcurl-minimal-7.76.1-23.el9.ppc64le.rpm	0335de62950e42b16a6ec3ff6d95651626eae2e799ab137e80354de8953b9acc
ppc64le	curl-minimal-7.76.1-23.el9.ppc64le.rpm	514f2d829785587552374c89bdd0219c3560d17e0fed81f993d9c6a0949e4fc7
ppc64le	curl-7.76.1-23.el9.ppc64le.rpm	b366b7b70877e3dfcf77ff220c8f61b23d454f122bc17de4414ea4d8f8d187a6
ppc64le	libcurl-7.76.1-23.el9.ppc64le.rpm	d631318c94841c1c751e4c28ec30a98fbd665f894f1d2e677b6543e1ead15744
ppc64le	libcurl-devel-7.76.1-23.el9.ppc64le.rpm	d7faa2875f9a8f13a00a162bfe0b064e336291cb0acf1b692a8916478d0ca2df
s390x	curl-minimal-7.76.1-23.el9.s390x.rpm	2b3630b2703367a9e6056863e9b9304e98ad77af0201438e0a349c5ed89689b3
s390x	libcurl-7.76.1-23.el9.s390x.rpm	2b68badb3c6abc1e2d1fd013c6af7bce874f60a708a13922d0a2ad2aa4d156e6
s390x	libcurl-devel-7.76.1-23.el9.s390x.rpm	6e6ff640f1c717655050fdd3d2e25a22fd5c9e3e8b83705dea58a4b4c3275b86
s390x	libcurl-minimal-7.76.1-23.el9.s390x.rpm	762932db97ec3776d7e278a2278b4476402ef1bd0fd8e43039ade43055d13206
s390x	curl-7.76.1-23.el9.s390x.rpm	9b3ac4ae786390b853937290d1bf10503844fdac7d95627437ee59e6e9644d92
x86_64	libcurl-devel-7.76.1-23.el9.x86_64.rpm	69646a0e6fd8220e32c5092f85ce2f240b0e481d25cced6f4b7bb66a66111a86
x86_64	curl-7.76.1-23.el9.x86_64.rpm	795967b90ad96ac170f6da99bd586e09dffa035020cb6119a5844064ca39eea0
x86_64	libcurl-7.76.1-23.el9.x86_64.rpm	af34ea6b05cd4f03a4c912c70a7ae071e9a895164fdd193e92b4f4e20eec4cb3
x86_64	libcurl-minimal-7.76.1-23.el9.x86_64.rpm	b0613c91baf2244aa4ea55a7be11807f437b7da176d4285d030f6232e9a2358a
x86_64	curl-minimal-7.76.1-23.el9.x86_64.rpm	da891e4118edfdcc3a2a927003d6b55698654cc24bb12ea82488f4f6f759e5f5

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.