Description
ELSA-2023-2963: curl security and bug fix update (LOW)
[7.61.1-30]
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
[7.61.1-29]
- h2: lower initial window size to 32 MiB (#2166254)
[7.61.1-28]
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
[7.61.1-27]
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
[7.61.1-26]
- control code in cookie denial of service (CVE-2022-35252)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
curl 7.61.1-30.el8
libcurl 7.61.1-30.el8
libcurl-devel 7.61.1-30.el8
libcurl-minimal 7.61.1-30.el8
Oracle Linux x86_64
curl 7.61.1-30.el8
libcurl 7.61.1-30.el8
libcurl-devel 7.61.1-30.el8
libcurl-minimal 7.61.1-30.el8
Related CVEs
Related vulnerabilities
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.