ELSA-2022-8299

ELSA-2022-8299 - curl security update

Type:SECURITY
Severity:LOW
Release Date:2022-11-22

Description


[7.76.1-19]
- fix unpreserved file permissions (CVE-2022-32207)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)

[7.76.1-18]
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

[7.76.1-17]
- fix leak of SRP credentials in redirects (CVE-2022-27774)

[7.76.1-16]
- add missing tests to Makefile

[7.76.1-15]
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)


Related CVEs


CVE-2022-27775

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 9 (aarch64) curl-7.76.1-19.el9.src.rpm55f79ea41068b7f220c3a241d9c47d92-
curl-7.76.1-19.el9.aarch64.rpm078b095b3d9b1ec9d40d07852f07c58d-
curl-minimal-7.76.1-19.el9.aarch64.rpmc22d447e6e79772ead4b7a66180497ee-
libcurl-7.76.1-19.el9.aarch64.rpm3e22e1b34d9754ed63fcc1f1322f9b2d-
libcurl-devel-7.76.1-19.el9.aarch64.rpmd311170d2164c09e3e640ae334c88ee3-
libcurl-minimal-7.76.1-19.el9.aarch64.rpm9c60efb5c3bbb4786a7a287b6082c477-
Oracle Linux 9 (x86_64) curl-7.76.1-19.el9.src.rpm55f79ea41068b7f220c3a241d9c47d92-
curl-7.76.1-19.el9.x86_64.rpma3bd65a992544e99e1fff7ad835bbd8e-
curl-minimal-7.76.1-19.el9.x86_64.rpmc23d220acb7de782c84fada58c1c2378-
libcurl-7.76.1-19.el9.i686.rpm0d876417e8467a977abff5fe8f528671-
libcurl-7.76.1-19.el9.x86_64.rpm07b3ed38b36e67287a5bd2f888638e20-
libcurl-devel-7.76.1-19.el9.i686.rpm267de44ecf5b883c8ee4b5d35375f0ec-
libcurl-devel-7.76.1-19.el9.x86_64.rpmef4fcd4990b9ffffb02d6c17b9f0e944-
libcurl-minimal-7.76.1-19.el9.i686.rpmfab4e0f60ab69fce7e7651f822f7ae44-
libcurl-minimal-7.76.1-19.el9.x86_64.rpmaf9882f1543dc2d4fa0d67b6e25ed3b2-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete