ELSA-2021-3582

ULN >
Oracle Linux Errata repository >
ELSA-2021-3582

ELSA-2021-3582 - curl security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2021-09-21

Description

[7.61.1-18.el8_4.1]
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded

Related CVEs

CVE-2021-22922

CVE-2021-22923

CVE-2021-22924

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	curl-7.61.1-18.el8_4.1.src.rpm	f407f5727e617ffb0bb1026c28440ea6	-
	curl-7.61.1-18.el8_4.1.aarch64.rpm	7e5bf3d883f34d654095fbd8dc51f335	-
	libcurl-7.61.1-18.el8_4.1.aarch64.rpm	063a9262aae114f4ef7e1b39b00f09c2	-
	libcurl-devel-7.61.1-18.el8_4.1.aarch64.rpm	c1d14d5d9ac995b26e1ad27329aa526a	-
	libcurl-minimal-7.61.1-18.el8_4.1.aarch64.rpm	5891603b20165a55bcd691c04a94b6dc	-

Oracle Linux 8 (x86_64)	curl-7.61.1-18.el8_4.1.src.rpm	f407f5727e617ffb0bb1026c28440ea6	-
	curl-7.61.1-18.el8_4.1.x86_64.rpm	7430c42a94992daa18c9c5f27ff5e607	-
	libcurl-7.61.1-18.el8_4.1.i686.rpm	a7ca5b909c2386e5934ddfdaa420d6cb	-
	libcurl-7.61.1-18.el8_4.1.x86_64.rpm	8af596e9a2ff3956f983b05e23f9df6f	-
	libcurl-devel-7.61.1-18.el8_4.1.i686.rpm	2e1f6c4f2d5f4ecaff81115fa8b11987	-
	libcurl-devel-7.61.1-18.el8_4.1.x86_64.rpm	3698f3da0f6601630bed51c5f184a5f0	-
	libcurl-minimal-7.61.1-18.el8_4.1.i686.rpm	fb3fd4bdbe0b5c2cfd4ffaada6ec9147	-
	libcurl-minimal-7.61.1-18.el8_4.1.x86_64.rpm	5e78802cfdb9efbf8c3f2962b85be3f0	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691