Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933).
Список пакетов
SUSE Linux Enterprise Server 11-SECURITY
curl-openssl1-7.37.0-70.60.1
libcurl4-openssl1-7.37.0-70.60.1
libcurl4-openssl1-32bit-7.37.0-70.60.1
libcurl4-openssl1-x86-7.37.0-70.60.1
Ссылки
- Link for SUSE-SU-2021:14707-1
- E-Mail link for SUSE-SU-2021:14707-1
- SUSE Security Ratings
- SUSE Bug 1183933
- SUSE CVE CVE-2021-22876 page
Описание
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
Затронутые продукты
SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.60.1
SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.60.1
SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.60.1
SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.60.1
Ссылки
- CVE-2021-22876
- SUSE Bug 1183933