curl-7.61.1-22.el8

Errata ID: AXSA:2021-2762:06

Release date: Tuesday, December 14, 2021 - 07:25
Subject: curl-7.61.1-22.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
* curl: TELNET stack contents disclosure (CVE-2021-22898)
* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-22876
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
CVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
CVE-2021-22925
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
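As an added example (not curl's own code and not part of this advisory), a Python helper that builds a Referer value the way a fixed libcurl does for CVE-2021-22876, dropping the userinfo, plus a check that scans access-log lines for Referer headers that still carry credentials. The log format and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

def safe_referer(url: str) -> str:
    """Build a Referer from url with userinfo removed (the fixed behaviour).
    The fragment is dropped as well, as RFC 7231 requires for Referer."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal must keep its brackets
        host = f"[{host}]"
    if parts.port is not None:           # keep an explicit port, never the password
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))

def referer_leaks_credentials(referer: str) -> bool:
    """Detection check: True if the Referer value still contains userinfo."""
    parts = urlsplit(referer)
    return parts.username is not None or parts.password is not None

# Constructed sample log lines (hypothetical format): client, request, status, referer.
SAMPLE_LOG = [
    '10.0.0.5 "GET /portal HTTP/1.1" 200 "https://alice:s3cret@intranet.example/login"',
    '10.0.0.7 "GET /img/logo.png HTTP/1.1" 200 "https://www.example.com/"',
    '10.0.0.9 "POST /api HTTP/1.1" 302 "-"',
    '10.0.0.5 "GET /home HTTP/1.1" 200 "ftp://svc@files.example:2121/pub"',
]

def find_leaks(lines):
    """Return (client, sanitized referer) for each line whose Referer carries
    credentials. The secret itself is not echoed, so the report is safe to log."""
    hits = []
    for line in lines:
        client = line.split(" ", 1)[0]
        referer = line.rsplit('"', 2)[1]   # last quoted field is the Referer
        if referer_leaks_credentials(referer):
            hits.append((client, safe_referer(referer)))
    return hits

if __name__ == "__main__":
    for client, origin in find_leaks(SAMPLE_LOG):
        print(f"{client} leaked credentials in Referer for {origin}")
```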

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.61.1-22.el8.src.rpm
    MD5: 104ef097a4d636fd42fee1bbf5f21dc0
    SHA-256: 402386bd9e5a5d5e6b889fc7fbda2d527ee2ff7299eea74a54f06832b48832b8
    Size: 2.40 MB

Asianux Server 8 for x86_64
  1. curl-7.61.1-22.el8.x86_64.rpm
    MD5: 7cc1d8ac97adfcee3cc78dfcbc699e23
    SHA-256: e1d4dd82d7bc9e6b7d80e2a4b6f3d157b4e8319c2aa11bb512591d7d3566dc59
    Size: 350.40 kB
  2. libcurl-7.61.1-22.el8.x86_64.rpm
    MD5: b25e02da5bcb8e00c7165ad486460a5b
    SHA-256: f1ccb4696df4828a1c16749762f07efb57b88d5f62e5c08de61712718f1a759e
    Size: 299.46 kB
  3. libcurl-devel-7.61.1-22.el8.x86_64.rpm
    MD5: 07f4c2316cbe0864e36590e1c3153bc3
    SHA-256: 00d8761785d5afc7907d896fd12fbfafe803880f00cec12814ab06fa81c1dcfe
    Size: 832.55 kB
  4. libcurl-minimal-7.61.1-22.el8.x86_64.rpm
    MD5: 02ed36b34c68a240afbf9b3838da390a
    SHA-256: 92432527608d222bfc13b8e473af4260c4449b91833946ac5fbca7f55f27581c
    Size: 286.04 kB
  5. libcurl-7.61.1-22.el8.i686.rpm
    MD5: 8f51fc56e5dddcbdfae0c0310d63853c
    SHA-256: 851d45487b41e93ebbadac3badeb0cae8452d7c194fa461d291cba87500fb155
    Size: 327.19 kB
  6. libcurl-devel-7.61.1-22.el8.i686.rpm
    MD5: af583821259885deb618b5eba275b8a5
    SHA-256: 8dca8ea36b16a1d1991e44ccfb94c2fe7ff8cdb992a4ea8b04a9ad2ebfbf8a08
    Size: 832.61 kB
  7. libcurl-minimal-7.61.1-22.el8.i686.rpm
    MD5: ffe2277b9ca1699d30146e9167073cff
    SHA-256: feb6fb4490e9495b91955b94f5bff08872deaa1e1bf0d2f7970be4f7cd9f3602
    Size: 312.70 kB