curl-7.76.1-19.el9.1

エラータID: AXSA:2023-5060:03

Release date: 
Friday, February 10, 2023 - 11:23
Subject: 
curl-7.76.1-19.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: POST following PUT confusion (CVE-2022-32221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-32221
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

Solution: 

Update packages.

CVEs: 
CVE-2022-32221
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.76.1-19.el9.1.src.rpm
    MD5: d1290592f1b78bedd51b75c65843ab95
    SHA-256: 98d8687db39452e2f0fc089e1414c3d3cb3ada2502cdcdbcbc26384c8e62da27
    Size: 2.39 MB

Asianux Server 9 for x86_64
  1. curl-7.76.1-19.el9.1.x86_64.rpm
    MD5: 9f249be377a1f30b5cd22d23662fa413
    SHA-256: 38880f18b168e726029f4cc8ac8f28c5b2032d73f86d4e54614b46c120af94b9
    Size: 294.63 kB
  2. curl-minimal-7.76.1-19.el9.1.x86_64.rpm
    MD5: 02bae1ab58fee552b74a73d566008cf6
    SHA-256: 8d07c0e88861055f7a6d29b382374c9c9fa3e3ff37392bcd6a1c0af04b067ae7
    Size: 128.27 kB
  3. libcurl-7.76.1-19.el9.1.x86_64.rpm
    MD5: 3b5d52102c907b39ff8b6a4ecb7ca88e
    SHA-256: 162c105eda6f3b9537f42616c988f9f0ee5d94b9f76e7cd29fd7fe8e46b47f0b
    Size: 285.36 kB
  4. libcurl-devel-7.76.1-19.el9.1.x86_64.rpm
    MD5: d6863fc131d7fd86be7cdccc2593c67d
    SHA-256: e99b712382059c0990f11c7af7863cbafe65b24afada06110e43e6d3bf959def
    Size: 850.13 kB
  5. libcurl-minimal-7.76.1-19.el9.1.x86_64.rpm
    MD5: 28e61b05113606d9e43b08e35fddb5fe
    SHA-256: 9054345deefab245b2fbd3e7d26d43813567a1c5eba3041ce4e84390e9276dc9
    Size: 226.00 kB
  6. libcurl-7.76.1-19.el9.1.i686.rpm
    MD5: cd4b87660205afb8f3cf33d2bcee1b74
    SHA-256: 3342bb6c7047d6116bdaf4209836389dd4fb3926483b94c5b86d4ae5b489ce4b
    Size: 311.21 kB
  7. libcurl-devel-7.76.1-19.el9.1.i686.rpm
    MD5: dd1d61cb04a5df332015cb3299d9d1f8
    SHA-256: d5ed0da5dedf1f84e6713670dbfe62222927820a7712431e96865066daf2eb00
    Size: 850.17 kB
  8. libcurl-minimal-7.76.1-19.el9.1.i686.rpm
    MD5: b6dee15cbf8854b8b1cc0f8f82b571ed
    SHA-256: 67e1a59ad2627223dc9088870a987e5bb5a89f4fb5725289822b1950744b7852
    Size: 246.35 kB