Stay Connected:

ELSA-2021-3582

ELSA-2021-3582 - curl security update

Type:SECURITY
Impact:MODERATE
Release Date:2021-09-21

Description


[7.61.1-18.el8_4.1]
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded


Related CVEs


CVE-2021-22923
CVE-2021-22922
CVE-2021-22924

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) curl-7.61.1-18.el8_4.1.src.rpmb22de2e003e17d6b8a7c5a6d202bfa390a4ba57f37ae383dec01b47c4ba0c3ed-ol8_aarch64_baseos_latest
curl-7.61.1-18.el8_4.1.src.rpmb22de2e003e17d6b8a7c5a6d202bfa390a4ba57f37ae383dec01b47c4ba0c3ed-ol8_aarch64_u4_baseos_patch
curl-7.61.1-18.el8_4.1.aarch64.rpm67d3ef2f718d4cbae86abeb56014c674eb6e86c4e65fc80a591795cae3129bec-ol8_aarch64_baseos_latest
curl-7.61.1-18.el8_4.1.aarch64.rpm67d3ef2f718d4cbae86abeb56014c674eb6e86c4e65fc80a591795cae3129bec-ol8_aarch64_u4_baseos_patch
libcurl-7.61.1-18.el8_4.1.aarch64.rpme3d67375253cf98c00aef46c23c26751fc1df7b990eefb3cae6c6f2521a70a23-ol8_aarch64_baseos_latest
libcurl-7.61.1-18.el8_4.1.aarch64.rpme3d67375253cf98c00aef46c23c26751fc1df7b990eefb3cae6c6f2521a70a23-ol8_aarch64_u4_baseos_patch
libcurl-devel-7.61.1-18.el8_4.1.aarch64.rpm7fc2bc79fb6dd5708a583f57b757eaf6fd54512ff3d6567c15f41d0d84062d49-ol8_aarch64_baseos_latest
libcurl-devel-7.61.1-18.el8_4.1.aarch64.rpm7fc2bc79fb6dd5708a583f57b757eaf6fd54512ff3d6567c15f41d0d84062d49-ol8_aarch64_u4_baseos_patch
libcurl-minimal-7.61.1-18.el8_4.1.aarch64.rpm9334aa7b98ca68c785692074572288374702fd5480e410ed1a8f9471bb8acd58-ol8_aarch64_baseos_latest
libcurl-minimal-7.61.1-18.el8_4.1.aarch64.rpm9334aa7b98ca68c785692074572288374702fd5480e410ed1a8f9471bb8acd58-ol8_aarch64_u4_baseos_patch
Oracle Linux 8 (x86_64) curl-7.61.1-18.el8_4.1.src.rpmb22de2e003e17d6b8a7c5a6d202bfa390a4ba57f37ae383dec01b47c4ba0c3ed-ol8_x86_64_baseos_latest
curl-7.61.1-18.el8_4.1.src.rpmb22de2e003e17d6b8a7c5a6d202bfa390a4ba57f37ae383dec01b47c4ba0c3ed-ol8_x86_64_u4_baseos_patch
curl-7.61.1-18.el8_4.1.x86_64.rpm5ba8f9171db8c672435f44aee6adb762808774a835f7f0fe6f13fc00289431d8-ol8_x86_64_baseos_latest
curl-7.61.1-18.el8_4.1.x86_64.rpm5ba8f9171db8c672435f44aee6adb762808774a835f7f0fe6f13fc00289431d8-ol8_x86_64_u4_baseos_patch
libcurl-7.61.1-18.el8_4.1.i686.rpmd3d02c0abb3618bebcbe59e221c782d6453ff03fe87b4ece71a1c7cf6e8420bb-ol8_x86_64_baseos_latest
libcurl-7.61.1-18.el8_4.1.i686.rpmd3d02c0abb3618bebcbe59e221c782d6453ff03fe87b4ece71a1c7cf6e8420bb-ol8_x86_64_u4_baseos_patch
libcurl-7.61.1-18.el8_4.1.x86_64.rpm5de9ea8f87507863198eeee9c5aa0b64e562f349746887090c0b8c6ceb78a143-ol8_x86_64_baseos_latest
libcurl-7.61.1-18.el8_4.1.x86_64.rpm5de9ea8f87507863198eeee9c5aa0b64e562f349746887090c0b8c6ceb78a143-ol8_x86_64_u4_baseos_patch
libcurl-devel-7.61.1-18.el8_4.1.i686.rpm8aa430c10a0e8d87703da0e0b3f04bbfdddde18f42ae444820dad12630d9d9cd-ol8_x86_64_baseos_latest
libcurl-devel-7.61.1-18.el8_4.1.i686.rpm8aa430c10a0e8d87703da0e0b3f04bbfdddde18f42ae444820dad12630d9d9cd-ol8_x86_64_u4_baseos_patch
libcurl-devel-7.61.1-18.el8_4.1.x86_64.rpm50c973bcbe9ce6997b54b90b711d4096936220e91a18966ca6252fc5c827c067-ol8_x86_64_baseos_latest
libcurl-devel-7.61.1-18.el8_4.1.x86_64.rpm50c973bcbe9ce6997b54b90b711d4096936220e91a18966ca6252fc5c827c067-ol8_x86_64_u4_baseos_patch
libcurl-minimal-7.61.1-18.el8_4.1.i686.rpmf426019dbf10b5508142fe720027808206f73499117aba7a37ee0750379f729e-ol8_x86_64_baseos_latest
libcurl-minimal-7.61.1-18.el8_4.1.i686.rpmf426019dbf10b5508142fe720027808206f73499117aba7a37ee0750379f729e-ol8_x86_64_u4_baseos_patch
libcurl-minimal-7.61.1-18.el8_4.1.x86_64.rpme19289505f69c9fc9bb81780940427875f93a13ec8ee5b275cb40ad1e7b63e30-ol8_x86_64_baseos_latest
libcurl-minimal-7.61.1-18.el8_4.1.x86_64.rpme19289505f69c9fc9bb81780940427875f93a13ec8ee5b275cb40ad1e7b63e30-ol8_x86_64_u4_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights