ELSA-2022-8299

ULN >
Oracle Linux Errata repository >
ELSA-2022-8299

ELSA-2022-8299 - curl security update

Type:	SECURITY
Severity:	LOW
Release Date:	2022-11-22

Description

[7.76.1-19]
- fix unpreserved file permissions (CVE-2022-32207)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)

[7.76.1-18]
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

[7.76.1-17]
- fix leak of SRP credentials in redirects (CVE-2022-27774)

[7.76.1-16]
- add missing tests to Makefile

[7.76.1-15]
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Related CVEs

CVE-2022-27775

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 9 (aarch64)	curl-7.76.1-19.el9.src.rpm	55f79ea41068b7f220c3a241d9c47d92	-
	curl-7.76.1-19.el9.aarch64.rpm	078b095b3d9b1ec9d40d07852f07c58d	-
	curl-minimal-7.76.1-19.el9.aarch64.rpm	c22d447e6e79772ead4b7a66180497ee	-
	libcurl-7.76.1-19.el9.aarch64.rpm	3e22e1b34d9754ed63fcc1f1322f9b2d	-
	libcurl-devel-7.76.1-19.el9.aarch64.rpm	d311170d2164c09e3e640ae334c88ee3	-
	libcurl-minimal-7.76.1-19.el9.aarch64.rpm	9c60efb5c3bbb4786a7a287b6082c477	-

Oracle Linux 9 (x86_64)	curl-7.76.1-19.el9.src.rpm	55f79ea41068b7f220c3a241d9c47d92	-
	curl-7.76.1-19.el9.x86_64.rpm	a3bd65a992544e99e1fff7ad835bbd8e	-
	curl-minimal-7.76.1-19.el9.x86_64.rpm	c23d220acb7de782c84fada58c1c2378	-
	libcurl-7.76.1-19.el9.i686.rpm	0d876417e8467a977abff5fe8f528671	-
	libcurl-7.76.1-19.el9.x86_64.rpm	07b3ed38b36e67287a5bd2f888638e20	-
	libcurl-devel-7.76.1-19.el9.i686.rpm	267de44ecf5b883c8ee4b5d35375f0ec	-
	libcurl-devel-7.76.1-19.el9.x86_64.rpm	ef4fcd4990b9ffffb02d6c17b9f0e944	-
	libcurl-minimal-7.76.1-19.el9.i686.rpm	fab4e0f60ab69fce7e7651f822f7ae44	-
	libcurl-minimal-7.76.1-19.el9.x86_64.rpm	af9882f1543dc2d4fa0d67b6e25ed3b2	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691