ALSA-2023:4354

[ALSA-2023:4354] Moderate: curl security update

Type:

security

Severity:

moderate

Release date:

2023-08-02

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
* curl: more POST-after-PUT confusion (CVE-2023-28322)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libcurl-devel-7.76.1-23.el9_2.2.aarch64.rpm	220fb9d7ae37c4be71e8d5c56c44e62a41a5864a473d7233088724cd25acfcd2
aarch64	libcurl-minimal-7.76.1-23.el9_2.2.aarch64.rpm	405e053b51a25499560bad6adf4dc9514afbc54329d39607a0d353520b3a7482
aarch64	curl-minimal-7.76.1-23.el9_2.2.aarch64.rpm	a8a97868c1a5b61626f5b435281b72f18757fa0aaf6f8b96d56df1354798e463
aarch64	curl-7.76.1-23.el9_2.2.aarch64.rpm	c57e8d3240333e2dbfdb4601169a59a9261aa6c2cb3a52a7d185a54b00864360
aarch64	libcurl-7.76.1-23.el9_2.2.aarch64.rpm	fe63b80b92082a1cf581591efed276570f14952b3bd51e1e669272c82e3e2ebf
i686	libcurl-devel-7.76.1-23.el9_2.2.i686.rpm	1bfe596e01907f71bae1860b6e984ad528632b5fbdd4aa88a0b8d1e5fbe47047
i686	libcurl-minimal-7.76.1-23.el9_2.2.i686.rpm	4d1956602a4dffbcbb148497580ce3bcbc4432e21c374d32197945fe29eba48d
i686	libcurl-7.76.1-23.el9_2.2.i686.rpm	6ba6b0a65d3f4eb634ea6aa9948e7e39edee1db68dbada3c99ebfe6e6f9ac794
ppc64le	libcurl-devel-7.76.1-23.el9_2.2.ppc64le.rpm	4a237a862ae3188a8a870f5e439be58a54a8c6b47ea619f92d7f1956969c0c1e
ppc64le	curl-minimal-7.76.1-23.el9_2.2.ppc64le.rpm	4ac7d96801134cfc2c961a07f3cf478d3288c19409765e74db675a4188a7f441
ppc64le	libcurl-7.76.1-23.el9_2.2.ppc64le.rpm	8dcf4b0a974d5c618c675015d6c9706a12a06ef9bc351cbf61fd3ddf5effc3e2
ppc64le	libcurl-minimal-7.76.1-23.el9_2.2.ppc64le.rpm	bc05136bd3c4d0305014675d391bf08d61ac5193fe4f84d53b156e20bc7466cd
ppc64le	curl-7.76.1-23.el9_2.2.ppc64le.rpm	e6d9e9b4a99e4e16fc1dbdd57307badac5c7f3e76e7bb057d97e3ef6c7b94c19
s390x	curl-7.76.1-23.el9_2.2.s390x.rpm	685873853b4a8817b517a438b9a20f388b5619a8d1d9282195c381e2a33f43a1
s390x	curl-minimal-7.76.1-23.el9_2.2.s390x.rpm	9c2ae34b23e217104513f03bbcb6b79651fbae5dec7d6bb8e96da8f1b624fc3a
s390x	libcurl-minimal-7.76.1-23.el9_2.2.s390x.rpm	a0216b3f0a5f9e784bd32c645b0d690238296c143b31275a80987cc6be2d0770
s390x	libcurl-7.76.1-23.el9_2.2.s390x.rpm	bde13ee0e5c84d4a7dd20b2e3febeb931bf9365197c1354dfd41a22007eb6b0b
s390x	libcurl-devel-7.76.1-23.el9_2.2.s390x.rpm	e8cfbbf97a6cc95a64a419730e7cb7d4e66a6cdbcd6283e406e3c5c226d4c9d4
x86_64	libcurl-devel-7.76.1-23.el9_2.2.x86_64.rpm	0705cf4dfb56e6b0afa120a9d16f7319ad8aff46406099e6b070e3b823b45113
x86_64	curl-7.76.1-23.el9_2.2.x86_64.rpm	15f1ebb24b45e4566f1ede52ad9748d4cce8136a803dd33f286cc69e846281c9
x86_64	libcurl-minimal-7.76.1-23.el9_2.2.x86_64.rpm	57b67f05982b4b7ea10243db3094976f662659be5e4744fa9ac326ca942d2d2a
x86_64	curl-minimal-7.76.1-23.el9_2.2.x86_64.rpm	a7159d9f0959351c1b0224b5117e407af1db229c51197b9f873ebd4670c8b760
x86_64	libcurl-7.76.1-23.el9_2.2.x86_64.rpm	edb82065f515dc3ea8d298722bc2e3178e43809381cabf036524e70545909f02

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.