ALSA-2023:6745

[ALSA-2023:6745] Important: curl security update

Type:

security

Severity:

important

Release date:

2023-11-14

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545)
* curl: cookie injection with none file (CVE-2023-38546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libcurl-minimal-7.76.1-26.el9_3.2.aarch64.rpm	3067ea1988e1cfe5946b9f4f673db49998839cc7f39b998eac854a477e8b266f
aarch64	curl-7.76.1-26.el9_3.2.aarch64.rpm	415e8eda1d94eb6ed2c159b1a43c61ed436abcd6bfa7be715f0ff448c7b86103
aarch64	libcurl-devel-7.76.1-26.el9_3.2.aarch64.rpm	689cb5000b927c2cbc62adbd9fa982c781346980bb8774945af299b66561adbf
aarch64	curl-minimal-7.76.1-26.el9_3.2.aarch64.rpm	695b426f584bb63e56f49d9b103a1f695a76c47158705e56621f31d54d5d47f0
aarch64	libcurl-7.76.1-26.el9_3.2.aarch64.rpm	a6fb67131c9a280bb62dbf8e1c6a2099c79dc8389ba3a00810db2289b8629dd6
i686	libcurl-devel-7.76.1-26.el9_3.2.i686.rpm	75acd9f5ab4089a943181110875cca9c9c5b648302c588a368ea050af9950439
i686	libcurl-minimal-7.76.1-26.el9_3.2.i686.rpm	9abf40a9c978bd87624a0dad792d1f6eee67d4b3baa93112849d5be950c764ba
i686	libcurl-7.76.1-26.el9_3.2.i686.rpm	9cbf8115f0901a41b0e129d801395867be99ee164cc8a1cf8040f852f3ff1c06
ppc64le	libcurl-7.76.1-26.el9_3.2.ppc64le.rpm	05c1f89f8c78e96d4e18c65e17637545b9b83ccaa975e479b8fc52ba102e2129
ppc64le	curl-minimal-7.76.1-26.el9_3.2.ppc64le.rpm	4f6f3c925c7dfb31076dcc312c8a1540e4bc9534e451a47487e14a8e61bf2710
ppc64le	libcurl-minimal-7.76.1-26.el9_3.2.ppc64le.rpm	911834a48af054b5f2704b37917c2f4ecaf9ef77c45a4b0c88c763cc2be317e3
ppc64le	libcurl-devel-7.76.1-26.el9_3.2.ppc64le.rpm	a9592c925f6b83340686ed9110b79feccb02f0518065c06bf01cb7bc13341ba1
ppc64le	curl-7.76.1-26.el9_3.2.ppc64le.rpm	e96f8a68e6f6d9a6f43e6d9a2cde27281cd16b975dde19fdbc9c9b8f66b54a15
s390x	libcurl-7.76.1-26.el9_3.2.s390x.rpm	ae93cf04e9ba03c18711c3e36e041120c30f7b332813b14ae0d6e59ce5df4014
s390x	curl-minimal-7.76.1-26.el9_3.2.s390x.rpm	c541767d824314e808023e325d83500612ba9dd20a90a292ad3a53ef29cc5a05
s390x	curl-7.76.1-26.el9_3.2.s390x.rpm	d1bf0b1feb32e8cc3f3a95891116f0b550b2b931ccd27cb45991a4c1afc1abd6
s390x	libcurl-devel-7.76.1-26.el9_3.2.s390x.rpm	edbf15f591c8701946437045308d253a1fb5256d58e1b029073f34edd44a7b14
s390x	libcurl-minimal-7.76.1-26.el9_3.2.s390x.rpm	f6f8e5802c2a834f05fa18b6cad61710d43d3d7c7d6774eee581a3c4e9e19dd3
x86_64	curl-minimal-7.76.1-26.el9_3.2.x86_64.rpm	295a2a453b2d00ad78902e49944d7fa5b5fddab46d0e08331c4f44b5690ea935
x86_64	libcurl-7.76.1-26.el9_3.2.x86_64.rpm	457c5ce364e08073856ce55846d66dd81b6e560aa3ba68927116af09ec9a54e4
x86_64	curl-7.76.1-26.el9_3.2.x86_64.rpm	4eb35ab37f7a846688db71d86959afab9e175a95614b6bb98c1db6eee6431011
x86_64	libcurl-devel-7.76.1-26.el9_3.2.x86_64.rpm	a588bcca5150b37046b5a3f839781b924203473929a075327a4180fa770c7bbc
x86_64	libcurl-minimal-7.76.1-26.el9_3.2.x86_64.rpm	dca71a10affef9e2b5ef7790551df59ee3743b8a22adf454836b2923b50af355

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.