ELSA-2021-4511

ELSA-2021-4511 - curl security and bug fix update

Type: SECURITY
Severity: MODERATE
Release Date: 2021-11-16

Description

[7.61.1-22]
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

[7.61.1-21]
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities:
  CVE-2021-22923 - metalink download sends credentials
  CVE-2021-22922 - wrong content via metalink not discarded

[7.61.1-20]
- fix a cppchecks false positive in 0029-curl-7.61.1-CVE-2021-22876.patch

[7.61.1-19]
- make curl --head file:// work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)


Related CVEs

CVE-2021-22876
CVE-2021-22898
CVE-2021-22925

Updated Packages

Oracle Linux 8 (aarch64)
Filename                                    MD5sum                            Superseded By Advisory
curl-7.61.1-22.el8.src.rpm                  7d7bbbd27924fb7ff6e257bf18c9efd2  -
curl-7.61.1-22.el8.aarch64.rpm              c21b1dbb300786544ac171d2e4bc17b8  -
libcurl-7.61.1-22.el8.aarch64.rpm           7a4771b13a44545dba6016cfeeeb9d32  -
libcurl-devel-7.61.1-22.el8.aarch64.rpm     95f2113258b5bfc21994353de181f87a  -
libcurl-minimal-7.61.1-22.el8.aarch64.rpm   e2d0a1a9d114d8e0562a0eabfa66f564  -

Oracle Linux 8 (x86_64)
Filename                                    MD5sum                            Superseded By Advisory
curl-7.61.1-22.el8.src.rpm                  7d7bbbd27924fb7ff6e257bf18c9efd2  -
curl-7.61.1-22.el8.x86_64.rpm               1bc82154c31007b7394b1bda8339a8a8  -
libcurl-7.61.1-22.el8.i686.rpm              6fee822fa41a4b2927cb6b5cac49a355  -
libcurl-7.61.1-22.el8.x86_64.rpm            b13c38e52deb5e412285813def015aa0  -
libcurl-devel-7.61.1-22.el8.i686.rpm        45edc90719f70d865ea3df6a1879218a  -
libcurl-devel-7.61.1-22.el8.x86_64.rpm      8a17069300456fea5ad00023e2e8f2df  -
libcurl-minimal-7.61.1-22.el8.i686.rpm      b3dba66a2d903494d08faeafd9e00572  -
libcurl-minimal-7.61.1-22.el8.x86_64.rpm    cec3c426e35b91404c11a083eff5adbd  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team