Description
ELSA-2023-2478: curl security update (LOW)
[7.76.1-23]
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
[7.76.1-22]
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
[7.76.1-21]
- fix POST following PUT confusion (CVE-2022-32221)
[7.76.1-20]
- control code in cookie denial of service (CVE-2022-35252)
Updated packages
Oracle Linux 9
Oracle Linux aarch64
curl 7.76.1-23.el9
curl-minimal 7.76.1-23.el9
libcurl 7.76.1-23.el9
libcurl-devel 7.76.1-23.el9
libcurl-minimal 7.76.1-23.el9
Oracle Linux x86_64
curl 7.76.1-23.el9
curl-minimal 7.76.1-23.el9
libcurl 7.76.1-23.el9
libcurl-devel 7.76.1-23.el9
libcurl-minimal 7.76.1-23.el9
Related CVEs
Related vulnerabilities
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.