Описание
ELSA-2022-8299: curl security update (LOW)
[7.76.1-19]
- fix unpreserved file permissions (CVE-2022-32207)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)
[7.76.1-18]
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
[7.76.1-17]
- fix leak of SRP credentials in redirects (CVE-2022-27774)
[7.76.1-16]
- add missing tests to Makefile
[7.76.1-15]
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
curl
7.76.1-19.el9
curl-minimal
7.76.1-19.el9
libcurl
7.76.1-19.el9
libcurl-devel
7.76.1-19.el9
libcurl-minimal
7.76.1-19.el9
Oracle Linux x86_64
curl
7.76.1-19.el9
curl-minimal
7.76.1-19.el9
libcurl
7.76.1-19.el9
libcurl-devel
7.76.1-19.el9
libcurl-minimal
7.76.1-19.el9
Связанные CVE
Связанные уязвимости
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
An information disclosure vulnerability exists in curl 7.65.0 to 7.82. ...