ELBA-2022-3909 - curl

Type: BUG
Impact: NA
Release Date: 2022-06-30

Description


[7.76.1-14]
- re-disable HSTS in libcurl as an experimental feature (#2005874)

[7.76.1-13]
- disable more protocols and features in libcurl-minimal (#2005874)

[7.76.1-12]
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
- fix use-after-free and double-free in MQTT sending (CVE-2021-22945)

[7.76.1-11]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags. Related: rhbz#1991688

[7.76.1-10]
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)

[7.76.1-9]
- make explicit dependency on openssl work with alpha/beta builds of openssl

[7.76.1-8]
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)

[7.76.1-6]
- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065

[7.77.0-5]
- build the curl tool without metalink support (#1967213)

[7.76.1-4]
- fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)

[7.76.1-3]
- fix TLS session caching disaster (CVE-2021-22901)
- fix TELNET stack contents disclosure (CVE-2021-22898)

[7.76.1-2]
- http2: fix resource leaks detected by Coverity

[7.76.1-1]
- new upstream release

[7.76.0-1]
- new upstream release, which fixes the following vulnerabilities:
  CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
  CVE-2021-22876 - Automatic referer leaks credentials

[7.75.0-4]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[7.75.0-3]
- fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)

[7.75.0-2]
- build-require python3-impacket only on Fedora

[7.75.0-1]
- new upstream release

[7.74.0-4]
- do not use stunnel for tests on s390x builds to avoid spurious failures

[7.74.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[7.74.0-2]
- do not rewrite shebangs in test-suite to use python3 explicitly

[7.74.0-1]
- new upstream release, which fixes the following vulnerabilities:
  CVE-2020-8286 - curl: Inferior OCSP verification
  CVE-2020-8285 - libcurl: FTP wildcard stack overflow
  CVE-2020-8284 - curl: trusting FTP PASV responses

[7.73.0-2]
- prevent upstream test 1451 from being skipped

[7.73.0-1]
- new upstream release

[7.72.0-2]
- fix multiarch conflicts in libcurl-minimal (#1877671)

[7.72.0-1]
- new upstream release, which fixes the following vulnerability:
  CVE-2020-8231 - libcurl: wrong connect-only connection

[7.71.1-5]
- setopt: unset NOBODY switches to GET if still HEAD

[7.71.1-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[7.71.1-3]
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro

[7.71.1-2]
- curl: make the --krb option work again (#1833193)

[7.71.1-1]
- new upstream release

[7.71.0-1]
- new upstream release, which fixes the following vulnerabilities:
  CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect
  CVE-2020-8177 - curl: overwrite local file with -J




Updated Packages





This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.