ELSA-2022-5245

ELSA-2022-5245 - curl security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2022-06-30

Description

[7.76.1-14.el9_0.4]
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

[7.76.1-14.el9_0.3]
- fix leak of SRP credentials in redirects (CVE-2022-27774)

[7.76.1-14.el9_0.2]
- add missing tests to Makefile

[7.76.1-14.el9_0.1]
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Related CVEs

CVE-2022-22576

CVE-2022-27774

CVE-2022-27776

CVE-2022-27782

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 9 (aarch64)	curl-7.76.1-14.el9_0.4.src.rpm	3ff476f60241290d1db4d26947eac8b3	-
	curl-7.76.1-14.el9_0.4.aarch64.rpm	d38fc967189f37278d7c6353b7da7f48	-
	curl-minimal-7.76.1-14.el9_0.4.aarch64.rpm	4a32a9b1a70af9c8156c3be3395a7cba	-
	libcurl-7.76.1-14.el9_0.4.aarch64.rpm	c6f4ca8902828f04fd141d61ebd7668b	-
	libcurl-devel-7.76.1-14.el9_0.4.aarch64.rpm	9a9d7b5010cddeba2aba69fb3c3fafeb	-
	libcurl-minimal-7.76.1-14.el9_0.4.aarch64.rpm	90d745e2bbb8f61469db8ed32cb164dc	-
Oracle Linux 9 (x86_64)	curl-7.76.1-14.el9_0.4.src.rpm	3ff476f60241290d1db4d26947eac8b3	-
	curl-7.76.1-14.el9_0.4.x86_64.rpm	62b419bc35cc076e9be9d02df6ba6321	-
	curl-minimal-7.76.1-14.el9_0.4.x86_64.rpm	019590b19308afeba26ff1006795a404	-
	libcurl-7.76.1-14.el9_0.4.i686.rpm	6b36c88b9e18d9755be5e4c4fbe0b7d7	-
	libcurl-7.76.1-14.el9_0.4.x86_64.rpm	8eb529e84892b9fad7f5ba4f23f53ad0	-
	libcurl-devel-7.76.1-14.el9_0.4.i686.rpm	c180000c402ca70cac4ebc815f8f093a	-
	libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpm	0bf33a35082abd0410725f6de0c5a76a	-
	libcurl-minimal-7.76.1-14.el9_0.4.i686.rpm	43e4152149d0cd2f3a34457cf9bc131f	-
	libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpm	721e34670358581c13cf05b90c3d4465	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team