ALSA-2023:5763

[ALSA-2023:5763] Important: curl security update

Type:

security

Severity:

important

Release date:

2023-10-17

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545)
* curl: cookie injection with none file (CVE-2023-38546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libcurl-devel-7.76.1-23.el9_2.4.aarch64.rpm	00d5e8a0ea16a4f7df0366239fec6f4cf668ce917347a8a6d452c8934ce295b0
aarch64	curl-7.76.1-23.el9_2.4.aarch64.rpm	536c2b39e10aeae3b7e9ab32d2be7e3355c23307c8b987311a10c5d29292f35c
aarch64	libcurl-minimal-7.76.1-23.el9_2.4.aarch64.rpm	bfddd5ada5965d23ecd2671e8cf167f5971532cf5e71fb03d4776598f932ee20
aarch64	libcurl-7.76.1-23.el9_2.4.aarch64.rpm	e7795ae4b34b4c1bf070fe15fcc10c4cf20b7455a54067d09fa7a4f8c041b0a6
aarch64	curl-minimal-7.76.1-23.el9_2.4.aarch64.rpm	f2f953969096f9952e121729d9649ae164414bafd8d939bae663b9d43d017f3d
i686	libcurl-minimal-7.76.1-23.el9_2.4.i686.rpm	53434c015ec64662f83ec351d7022d0ea5fdd13631daa37915574a11e132e90d
i686	libcurl-devel-7.76.1-23.el9_2.4.i686.rpm	6a56b92dde0f6852cf0f1c014ac6f63bbb8548c577a6d3a1d51396f414d7aab4
i686	libcurl-7.76.1-23.el9_2.4.i686.rpm	eabec071b8be81998f1747f138ee3be637c8482eb202367d9a36cd6cf1b470ed
ppc64le	curl-7.76.1-23.el9_2.4.ppc64le.rpm	05cb578084394ed0984e3a9c98e999b7663a7616c1362e82806294a64e137aa1
ppc64le	libcurl-minimal-7.76.1-23.el9_2.4.ppc64le.rpm	0ee13ca157df604db6fb4bd4113720a8ea3a01f100bbf60b3e2d0bfa8cfc50d3
ppc64le	curl-minimal-7.76.1-23.el9_2.4.ppc64le.rpm	64791fd5b1bf3b98c8a7320a4ab1615347eb59922f2bddc4109d307fd44789df
ppc64le	libcurl-devel-7.76.1-23.el9_2.4.ppc64le.rpm	ccfc8a94b7187a08998cc77dd267f2390a4a6ab92b0c9587da4b8419ed091ffb
ppc64le	libcurl-7.76.1-23.el9_2.4.ppc64le.rpm	dcdbe949afce15da48713adffcaa601693c67f28ea03dbacf71be31b0941aabd
s390x	curl-7.76.1-23.el9_2.4.s390x.rpm	24e0b0c12b123f956a69d2c57b62b4921a042b64b1b4a6f1c2e902f021646b67
s390x	libcurl-7.76.1-23.el9_2.4.s390x.rpm	463da87ecfa5d8dc168042cbc75b91066ed5e401fae1895362370419b88497b6
s390x	libcurl-devel-7.76.1-23.el9_2.4.s390x.rpm	5f432340245cf1a9e5209a9c777065af7bbea607d1d26198c7c43ba5f9ba7899
s390x	libcurl-minimal-7.76.1-23.el9_2.4.s390x.rpm	7b7b18dc4a59806c061fccc76f9bdfadb0775962ad52236db0ae403a7a9e7ddf
s390x	curl-minimal-7.76.1-23.el9_2.4.s390x.rpm	98958c3ece133cf831b2f8f13b8919e4ab4a504e52ba39d296c4f005ec9c8eb8
x86_64	curl-minimal-7.76.1-23.el9_2.4.x86_64.rpm	47f20b6ea580e44131495555e35f25855ff009eae90cbfeed8ca4acab358cf4f
x86_64	libcurl-minimal-7.76.1-23.el9_2.4.x86_64.rpm	5b112187b9e101a0950f1d6ff19e13e24f7d49e64c3b2e996415b43e82f99ca7
x86_64	libcurl-7.76.1-23.el9_2.4.x86_64.rpm	6cc38779159ce652cb49cb2266257a6164ebedef31568de33a38e2b61074b840
x86_64	curl-7.76.1-23.el9_2.4.x86_64.rpm	a49e846376fe4af08b6046e58ecd83715b034454f5b0891260130c0432f43ef1
x86_64	libcurl-devel-7.76.1-23.el9_2.4.x86_64.rpm	f7cb1209a6fe249c150d12190e2b8b61d0780efbfab17f777f2c0799c34dd996

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.