curl-7.61.1-30.el8.2.ML.1
Errata ID: AXSA:2023-6186:10
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: FTP too eager connection reuse (CVE-2023-27535)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Cannot upload files to Jscape SFTP server: file gets created empty
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
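A simplified model of the connection-reuse check described above, added here as an illustration; it is not libcurl's code. The struct fields, function names, sample values, and the assumption that the old check compared only host and login are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a pooled FTP connection (hypothetical field names). */
struct ftp_conn {
    const char *host, *user, *password;
    const char *account;      /* CURLOPT_FTP_ACCOUNT */
    const char *alt_to_user;  /* CURLOPT_FTP_ALTERNATIVE_TO_USER */
    int ssl_ccc;              /* CURLOPT_FTP_SSL_CCC */
    int use_ssl;              /* CURLOPT_USE_SSL */
};
typedef bool (*match_fn)(const struct ftp_conn *, const struct ftp_conn *);

/* NULL-safe equality: unset matches unset, never a set value. */
static bool same(const char *a, const char *b) {
    return (!a || !b) ? a == b : strcmp(a, b) == 0;
}

/* Before: only host and login are compared (assumed); FTP settings ignored. */
bool match_loose(const struct ftp_conn *c, const struct ftp_conn *want) {
    return same(c->host, want->host) && same(c->user, want->user) &&
           same(c->password, want->password);
}

/* After: the four settings named in the advisory are part of the match. */
bool match_strict(const struct ftp_conn *c, const struct ftp_conn *want) {
    return match_loose(c, want) && same(c->account, want->account) &&
           same(c->alt_to_user, want->alt_to_user) &&
           c->ssl_ccc == want->ssl_ccc && c->use_ssl == want->use_ssl;
}

/* First pooled connection accepted by `match`, or NULL (open a new one). */
const struct ftp_conn *pool_find(const struct ftp_conn *pool, size_t n,
                                 const struct ftp_conn *want, match_fn match) {
    for (size_t i = 0; i < n; i++)
        if (match(&pool[i], want)) return &pool[i];
    return NULL;
}

int main(void) {
    /* Constructed sample: same host and login, different FTP account. */
    struct ftp_conn pool[] = {{"ftp.example.test", "alice", "pw", "acct-a", NULL, 0, 1}};
    struct ftp_conn want = pool[0];
    want.account = "acct-b";
    printf("loose reuses: %d, strict reuses: %d\n",
           pool_find(pool, 1, &want, match_loose) != NULL,
           pool_find(pool, 1, &want, match_strict) != NULL);
    return 0;
}
```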
Update packages.
SRPMS
- curl-7.61.1-30.el8.2.ML.1.src.rpm
MD5: 94d88ec3701a31fdc5b76c2f09752685
SHA-256: 082caed120591292e53b809d6c2e70ee58c3b717d67d258e54d325c5d2dba1b4
Size: 2.49 MB
Asianux Server 8 for x86_64
- curl-7.61.1-30.el8.2.ML.1.x86_64.rpm
MD5: 57da8c6b3d5e6a6ce9c5a7723461be0d
SHA-256: 74924a13de9b0af82bb20b1cfc9ea2c508b5833fc3a6fb2e41222ea3eee02cfe
Size: 351.91 kB
- libcurl-7.61.1-30.el8.2.ML.1.i686.rpm
MD5: 902f5879cdbfc32adb0964b4db32bfb8
SHA-256: c5b626824ebbf1b8c918cbfce30f8fbad5e5e18ec6cd8759f7d018cd169e14ef
Size: 330.36 kB
- libcurl-7.61.1-30.el8.2.ML.1.x86_64.rpm
MD5: 86ecfecf806b11e0619db7ebf1d0ca07
SHA-256: e279cace38e7dee47655e3806ccd0715d318d0a0abbc17e9f4ee589a7d7bc2fc
Size: 302.23 kB
- libcurl-devel-7.61.1-30.el8.2.ML.1.i686.rpm
MD5: 62aa9d45f3c8cc702ad02feaad43e538
SHA-256: d131344513bba621d78d007b7f22c1b4e01cab2140a28bd90bb11e6f67e61021
Size: 834.20 kB
- libcurl-devel-7.61.1-30.el8.2.ML.1.x86_64.rpm
MD5: a40e34bd716098c6dd672a30e344a320
SHA-256: 08fc7e105b116ff3a44f7c8b0c654e002861914a2a15661dc211dd7bac8da11c
Size: 834.15 kB
- libcurl-minimal-7.61.1-30.el8.2.ML.1.i686.rpm
MD5: 3c14ecaae884ca9707ea9ea50b8bd8d4
SHA-256: 8ac92f77a604ab3036d2e7cce9b3c6a7596896cecf44a488c8c65c5816e0542c
Size: 315.48 kB
- libcurl-minimal-7.61.1-30.el8.2.ML.1.x86_64.rpm
MD5: 8c8c15d875c83b9f18841eb1e26950dc
SHA-256: 5b3d15a0d0cea307b1dd7cad9658743b86340b9e01384f26a25376368c30f3e1
Size: 288.75 kB