ELSA-2021-4511

ULN >
Oracle Linux Errata repository >
ELSA-2021-4511

ELSA-2021-4511 - curl security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2021-11-16

Description

[7.61.1-22]
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

[7.61.1-21]
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded

[7.61.1-20]
- fix a cppchecks false positive in 0029-curl-7.61.1-CVE-2021-22876.patch

[7.61.1-19]
- make curl --head file:// work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

Related CVEs

CVE-2021-22876

CVE-2021-22925

CVE-2021-22898

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	curl-7.61.1-22.el8.src.rpm	0f731957c939f02fb0fc9ac0b39af240e28cc5bc9c487af885aac1f227819e1f	-	ol8_aarch64_baseos_latest
	curl-7.61.1-22.el8.src.rpm	0f731957c939f02fb0fc9ac0b39af240e28cc5bc9c487af885aac1f227819e1f	-	ol8_aarch64_u5_baseos_base
	curl-7.61.1-22.el8.src.rpm	0f731957c939f02fb0fc9ac0b39af240e28cc5bc9c487af885aac1f227819e1f	-	ol8_aarch64_u6_baseos_base
	curl-7.61.1-22.el8.aarch64.rpm	6decc505304f15ca6cba7ac31121ab5d053caca6bf7f962c9bec2e3660446e89	-	ol8_aarch64_baseos_latest
	curl-7.61.1-22.el8.aarch64.rpm	6decc505304f15ca6cba7ac31121ab5d053caca6bf7f962c9bec2e3660446e89	-	ol8_aarch64_u5_baseos_base
	curl-7.61.1-22.el8.aarch64.rpm	6decc505304f15ca6cba7ac31121ab5d053caca6bf7f962c9bec2e3660446e89	-	ol8_aarch64_u6_baseos_base
	libcurl-7.61.1-22.el8.aarch64.rpm	70e3a318578a74b736af5286e9283c97a8428170ec458b09a0a4c2fad9c905e2	-	ol8_aarch64_baseos_latest
	libcurl-7.61.1-22.el8.aarch64.rpm	70e3a318578a74b736af5286e9283c97a8428170ec458b09a0a4c2fad9c905e2	-	ol8_aarch64_u5_baseos_base
	libcurl-7.61.1-22.el8.aarch64.rpm	70e3a318578a74b736af5286e9283c97a8428170ec458b09a0a4c2fad9c905e2	-	ol8_aarch64_u6_baseos_base
	libcurl-devel-7.61.1-22.el8.aarch64.rpm	6c408ec60c77a68483fced01985d0f36c1ea64abb30bf2e5b458a22751b9e3c9	-	ol8_aarch64_baseos_latest
	libcurl-devel-7.61.1-22.el8.aarch64.rpm	6c408ec60c77a68483fced01985d0f36c1ea64abb30bf2e5b458a22751b9e3c9	-	ol8_aarch64_u5_baseos_base
	libcurl-devel-7.61.1-22.el8.aarch64.rpm	6c408ec60c77a68483fced01985d0f36c1ea64abb30bf2e5b458a22751b9e3c9	-	ol8_aarch64_u6_baseos_base
	libcurl-minimal-7.61.1-22.el8.aarch64.rpm	4134cd551ef62b156b69b19a3ccb3fb74b2b6ea3d6989dae85501eb1b8afa7ad	-	ol8_aarch64_baseos_latest
	libcurl-minimal-7.61.1-22.el8.aarch64.rpm	4134cd551ef62b156b69b19a3ccb3fb74b2b6ea3d6989dae85501eb1b8afa7ad	-	ol8_aarch64_u5_baseos_base
	libcurl-minimal-7.61.1-22.el8.aarch64.rpm	4134cd551ef62b156b69b19a3ccb3fb74b2b6ea3d6989dae85501eb1b8afa7ad	-	ol8_aarch64_u6_baseos_base

Oracle Linux 8 (x86_64)	curl-7.61.1-22.el8.src.rpm	0f731957c939f02fb0fc9ac0b39af240e28cc5bc9c487af885aac1f227819e1f	-	ol8_x86_64_baseos_latest
	curl-7.61.1-22.el8.src.rpm	0f731957c939f02fb0fc9ac0b39af240e28cc5bc9c487af885aac1f227819e1f	-	ol8_x86_64_u5_baseos_base
	curl-7.61.1-22.el8.src.rpm	0f731957c939f02fb0fc9ac0b39af240e28cc5bc9c487af885aac1f227819e1f	-	ol8_x86_64_u6_baseos_base
	curl-7.61.1-22.el8.x86_64.rpm	1b41a3e3bc5f76ab97a992de89c9e1f3e3be2bf9ff107bfd45d0c8ee0c1b5f61	-	ol8_x86_64_baseos_latest
	curl-7.61.1-22.el8.x86_64.rpm	1b41a3e3bc5f76ab97a992de89c9e1f3e3be2bf9ff107bfd45d0c8ee0c1b5f61	-	ol8_x86_64_u5_baseos_base
	curl-7.61.1-22.el8.x86_64.rpm	1b41a3e3bc5f76ab97a992de89c9e1f3e3be2bf9ff107bfd45d0c8ee0c1b5f61	-	ol8_x86_64_u6_baseos_base
	libcurl-7.61.1-22.el8.i686.rpm	fa04c16b1a5b4b4937865183ee25722a29411025afd13f0211ac05b804d16dc2	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-22.el8.i686.rpm	fa04c16b1a5b4b4937865183ee25722a29411025afd13f0211ac05b804d16dc2	-	ol8_x86_64_u5_baseos_base
	libcurl-7.61.1-22.el8.i686.rpm	fa04c16b1a5b4b4937865183ee25722a29411025afd13f0211ac05b804d16dc2	-	ol8_x86_64_u6_baseos_base
	libcurl-7.61.1-22.el8.x86_64.rpm	36603061af83d03fce1f83ab9b29dcde9603389bdd40b5621a78ffcc6b9c3fa0	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-22.el8.x86_64.rpm	36603061af83d03fce1f83ab9b29dcde9603389bdd40b5621a78ffcc6b9c3fa0	-	ol8_x86_64_u5_baseos_base
	libcurl-7.61.1-22.el8.x86_64.rpm	36603061af83d03fce1f83ab9b29dcde9603389bdd40b5621a78ffcc6b9c3fa0	-	ol8_x86_64_u6_baseos_base
	libcurl-devel-7.61.1-22.el8.i686.rpm	2119192e9ee490650ff99c729bc3a7896cdd5e84b2b6db355044e33a63c6f1d5	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-22.el8.i686.rpm	2119192e9ee490650ff99c729bc3a7896cdd5e84b2b6db355044e33a63c6f1d5	-	ol8_x86_64_u5_baseos_base
	libcurl-devel-7.61.1-22.el8.i686.rpm	2119192e9ee490650ff99c729bc3a7896cdd5e84b2b6db355044e33a63c6f1d5	-	ol8_x86_64_u6_baseos_base
	libcurl-devel-7.61.1-22.el8.x86_64.rpm	04b1a69ceffcffdc2f47bda8c279c88541b426c356827ae0c446cfb067eaed28	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-22.el8.x86_64.rpm	04b1a69ceffcffdc2f47bda8c279c88541b426c356827ae0c446cfb067eaed28	-	ol8_x86_64_u5_baseos_base
	libcurl-devel-7.61.1-22.el8.x86_64.rpm	04b1a69ceffcffdc2f47bda8c279c88541b426c356827ae0c446cfb067eaed28	-	ol8_x86_64_u6_baseos_base
	libcurl-minimal-7.61.1-22.el8.i686.rpm	197682cb7834e4cf1733b445752639bc918ee4a5d026c193f4c224f5e4f22569	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-22.el8.i686.rpm	197682cb7834e4cf1733b445752639bc918ee4a5d026c193f4c224f5e4f22569	-	ol8_x86_64_u5_baseos_base
	libcurl-minimal-7.61.1-22.el8.i686.rpm	197682cb7834e4cf1733b445752639bc918ee4a5d026c193f4c224f5e4f22569	-	ol8_x86_64_u6_baseos_base
	libcurl-minimal-7.61.1-22.el8.x86_64.rpm	ec3c95ed8a8b215208955555059d065f37d76c26df185a03823acb1c1d6e9a37	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-22.el8.x86_64.rpm	ec3c95ed8a8b215208955555059d065f37d76c26df185a03823acb1c1d6e9a37	-	ol8_x86_64_u5_baseos_base
	libcurl-minimal-7.61.1-22.el8.x86_64.rpm	ec3c95ed8a8b215208955555059d065f37d76c26df185a03823acb1c1d6e9a37	-	ol8_x86_64_u6_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691