Type: SECURITY
Severity: MODERATE
Release Date: 2021-11-16
[7.61.1-22]
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
[7.61.1-21]
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities:
  CVE-2021-22923 - metalink download sends credentials
  CVE-2021-22922 - wrong content via metalink not discarded
[7.61.1-20]
- fix a cppchecks false positive in 0029-curl-7.61.1-CVE-2021-22876.patch
[7.61.1-19]
- make curl --head file:// work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)
Related CVEs:
CVE-2021-22876
CVE-2021-22898
CVE-2021-22925
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle Linux 8 (aarch64) | curl-7.61.1-22.el8.src.rpm | 7d7bbbd27924fb7ff6e257bf18c9efd2 | - |
Oracle Linux 8 (aarch64) | curl-7.61.1-22.el8.aarch64.rpm | c21b1dbb300786544ac171d2e4bc17b8 | - |
Oracle Linux 8 (aarch64) | libcurl-7.61.1-22.el8.aarch64.rpm | 7a4771b13a44545dba6016cfeeeb9d32 | - |
Oracle Linux 8 (aarch64) | libcurl-devel-7.61.1-22.el8.aarch64.rpm | 95f2113258b5bfc21994353de181f87a | - |
Oracle Linux 8 (aarch64) | libcurl-minimal-7.61.1-22.el8.aarch64.rpm | e2d0a1a9d114d8e0562a0eabfa66f564 | - |
Oracle Linux 8 (x86_64) | curl-7.61.1-22.el8.src.rpm | 7d7bbbd27924fb7ff6e257bf18c9efd2 | - |
Oracle Linux 8 (x86_64) | curl-7.61.1-22.el8.x86_64.rpm | 1bc82154c31007b7394b1bda8339a8a8 | - |
Oracle Linux 8 (x86_64) | libcurl-7.61.1-22.el8.i686.rpm | 6fee822fa41a4b2927cb6b5cac49a355 | - |
Oracle Linux 8 (x86_64) | libcurl-7.61.1-22.el8.x86_64.rpm | b13c38e52deb5e412285813def015aa0 | - |
Oracle Linux 8 (x86_64) | libcurl-devel-7.61.1-22.el8.i686.rpm | 45edc90719f70d865ea3df6a1879218a | - |
Oracle Linux 8 (x86_64) | libcurl-devel-7.61.1-22.el8.x86_64.rpm | 8a17069300456fea5ad00023e2e8f2df | - |
Oracle Linux 8 (x86_64) | libcurl-minimal-7.61.1-22.el8.i686.rpm | b3dba66a2d903494d08faeafd9e00572 | - |
Oracle Linux 8 (x86_64) | libcurl-minimal-7.61.1-22.el8.x86_64.rpm | cec3c426e35b91404c11a083eff5adbd | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.