curl-7.61.1-30.el8.2.ML.1

Errata ID: AXSA:2023-6186:10

Release date: 
Friday, June 30, 2023 - 05:52
Subject: 
curl-7.61.1-30.el8.2.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: FTP too eager connection reuse (CVE-2023-27535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Cannot upload files to Jscape SFTP server: file gets created empty

CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
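
The match check described above can be pictured with a simplified model. This is an added example, not libcurl's source code: the struct, field and function names are hypothetical, and the sample values are constructed. It shows a pooled connection being reused when only host and user are compared, and rejected once the four FTP settings named in the advisory are part of the comparison.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the setup behind a pooled FTP connection or a new
   transfer. Field names are hypothetical; each mirrors an option named above. */
struct ftp_setup {
    const char *host;
    const char *user;
    const char *account;      /* CURLOPT_FTP_ACCOUNT */
    const char *alt_to_user;  /* CURLOPT_FTP_ALTERNATIVE_TO_USER */
    long ssl_ccc;             /* CURLOPT_FTP_SSL_CCC */
    long use_ssl;             /* CURLOPT_USE_SSL */
};

/* NULL-safe equality: two unset options match, set versus unset does not. */
static bool same_str(const char *a, const char *b) {
    if (!a || !b)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Behaviour as described for the flaw: FTP-specific settings are not compared. */
bool reusable_before_fix(const struct ftp_setup *pooled, const struct ftp_setup *want) {
    return same_str(pooled->host, want->host) && same_str(pooled->user, want->user);
}

/* Stricter check: every setting that changes how the session authenticates
   or is protected must match before the pooled connection is reused. */
bool reusable_after_fix(const struct ftp_setup *pooled, const struct ftp_setup *want) {
    return reusable_before_fix(pooled, want)
        && same_str(pooled->account, want->account)
        && same_str(pooled->alt_to_user, want->alt_to_user)
        && pooled->ssl_ccc == want->ssl_ccc
        && pooled->use_ssl == want->use_ssl;
}

/* Constructed sample: same host and user, different account and TLS setting. */
static const struct ftp_setup pooled_conn = {"ftp.example.test", "alice", "billing", NULL, 0, 0};
static const struct ftp_setup new_transfer = {"ftp.example.test", "alice", "payroll", NULL, 0, 3};

int main(void) {
    printf("before fix: reuse=%d\n", reusable_before_fix(&pooled_conn, &new_transfer));
    printf("after fix:  reuse=%d\n", reusable_after_fix(&pooled_conn, &new_transfer));
    printf("identical:  reuse=%d\n", reusable_after_fix(&pooled_conn, &pooled_conn));
    return 0;
}
```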

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.61.1-30.el8.2.ML.1.src.rpm
    Size: 2.49 MB

Asianux Server 8 for x86_64
  1. curl-7.61.1-30.el8.2.ML.1.x86_64.rpm
    Size: 351.91 kB
  2. libcurl-7.61.1-30.el8.2.ML.1.i686.rpm
    Size: 330.36 kB
  3. libcurl-7.61.1-30.el8.2.ML.1.x86_64.rpm
    Size: 302.23 kB
  4. libcurl-devel-7.61.1-30.el8.2.ML.1.i686.rpm
    Size: 834.20 kB
  5. libcurl-devel-7.61.1-30.el8.2.ML.1.x86_64.rpm
    Size: 834.15 kB
  6. libcurl-minimal-7.61.1-30.el8.2.ML.1.i686.rpm
    Size: 315.48 kB
  7. libcurl-minimal-7.61.1-30.el8.2.ML.1.x86_64.rpm
    Size: 288.75 kB