Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:3106

Опубликовано: 18 мая 2023
Источник: rocky
Оценка: Moderate

Описание

Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: FTP too eager connection reuse (CVE-2023-27535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Cannot upload files to Jscape SFTP server: file gets created empty (BZ#2188029)

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
curlx86_6430.el8_8.2curl-7.61.1-30.el8_8.2.x86_64.rpm
libcurlx86_6430.el8_8.2libcurl-7.61.1-30.el8_8.2.x86_64.rpm
libcurl-develx86_6430.el8_8.2libcurl-devel-7.61.1-30.el8_8.2.x86_64.rpm
libcurl-minimalx86_6430.el8_8.2libcurl-minimal-7.61.1-30.el8_8.2.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-27535

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-27535

CVSS3: 5.9
ubuntu
около 2 лет назад

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

redhat логотип

CVE-2023-27535

CVSS3: 5.9
redhat
больше 2 лет назад

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

nvd логотип

CVE-2023-27535

CVSS3: 5.9
nvd
около 2 лет назад

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

msrc логотип

CVE-2023-27535

CVSS3: 5.9
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-27535

CVSS3: 5.9
debian
около 2 лет назад

An authentication bypass vulnerability exists in libcurl <8.0.0 in the ...