curl-7.61.1-30.el8.3
Errata ID: AXSA:2023-6337:12
Release date:
Wednesday, August 16, 2023 - 07:13
Subject:
curl-7.61.1-30.el8.3
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP, FTP, and
LDAP.
Security Fix(es):
curl: GSS delegation too eager connection re-use (CVE-2023-27536)
curl: IDN wildcard match may lead to Improper Certificate Validation
(CVE-2023-28321)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2023-27536
CVE-2023-28321
Solution:
Update packages.
CVEs:
CVE-2023-27536
An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
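The reuse decision described for CVE-2023-27536 can be modelled as a connection-cache match predicate. The following is an added illustration, not libcurl source code or part of the original advisory; the types, function names and sample host are hypothetical, and the model covers only host, user and the delegation setting.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; these are not libcurl's internal structures. */
enum delegation { DELEG_NONE, DELEG_POLICY, DELEG_ALWAYS };

struct conn    { const char *host, *user; enum delegation deleg; };
struct request { const char *host, *user; enum delegation deleg; };

typedef bool (*match_fn)(const struct conn *, const struct request *);

/* Pre-fix check as the advisory describes it: delegation is never compared. */
static bool match_unpatched(const struct conn *c, const struct request *r)
{
    return strcmp(c->host, r->host) == 0 && strcmp(c->user, r->user) == 0;
}

/* Patched check: a changed delegation setting disqualifies the connection. */
static bool match_patched(const struct conn *c, const struct request *r)
{
    return match_unpatched(c, r) && c->deleg == r->deleg;
}

/* Index of the first reusable cached connection, or -1 to open a new one. */
static int pick_connection(const struct conn *pool, size_t n,
                           const struct request *r, match_fn match)
{
    for (size_t i = 0; i < n; i++)
        if (match(&pool[i], r))
            return (int)i;
    return -1;
}

/* Constructed sample: one cached connection that authenticated with delegation on. */
static const struct conn sample_pool[] = {
    { "files.example.test", "alice", DELEG_ALWAYS },
};
/* The application has since switched delegation off for the next transfer. */
static const struct request sample_req = { "files.example.test", "alice", DELEG_NONE };

int main(void)
{
    printf("unpatched: %d\n", pick_connection(sample_pool, 1, &sample_req, match_unpatched));
    printf("patched:   %d\n", pick_connection(sample_pool, 1, &sample_req, match_patched));
    return 0;
}
```

With the unpatched predicate the cached connection (index 0) is handed back even though the transfer now asks for no delegation; the patched predicate returns -1, forcing a fresh connection and a fresh authentication.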
Additional Info:
N/A
Download:
SRPMS
- curl-7.61.1-30.el8.3.src.rpm
MD5: dd41e91ada0c5295a56bc3583f172f62
SHA-256: 3b2c3993a25f3ee5dad2a58a48a03aa2115964a03084a26b4c8112a2981f0dfe
Size: 2.49 MB
Asianux Server 8 for x86_64
- curl-7.61.1-30.el8.3.x86_64.rpm
MD5: 926f5dec63d485c7e6d0a00337d329d9
SHA-256: 9d7d38f7f5f9723e6a0fa2ebea83ee810d5ea2daf4d5314ca650b5f86e700af0
Size: 352.00 kB
- libcurl-7.61.1-30.el8.3.i686.rpm
MD5: 0457fc965bfa227d5b64f5041e93e9f2
SHA-256: 1bccafb92ebe38ddbd15ea13b480b303c54979174ecc4344b51df99f5c2553aa
Size: 330.43 kB
- libcurl-7.61.1-30.el8.3.x86_64.rpm
MD5: 877f59b6686d44bd45d4ebcf02ba9508
SHA-256: 1871ffd1b53501bc4346f2a51ad2e2eccfc445a8b2ac480fc39e7e7c3478e2ac
Size: 302.28 kB
- libcurl-devel-7.61.1-30.el8.3.i686.rpm
MD5: ad5f2ef1152b5a2168e6d16be2ecce88
SHA-256: 8d39a2d3e385f2d182a82f1f75dfa15b291a0980932fd3442a3984645a59673d
Size: 834.26 kB
- libcurl-devel-7.61.1-30.el8.3.x86_64.rpm
MD5: 759d2c9841fb59dcdb8460373dbe6ffc
SHA-256: d21add072879b329e0ce0d21f18281fb8a057c64f2cae9264fd3ca2c2724d6de
Size: 834.21 kB
- libcurl-minimal-7.61.1-30.el8.3.i686.rpm
MD5: e88463f4dae9d40d45ffd4a95ad136a6
SHA-256: 41c0dd0bc957c3f833401665562cff718749baecccf306388633859d53bd78c0
Size: 315.57 kB
- libcurl-minimal-7.61.1-30.el8.3.x86_64.rpm
MD5: e8182c8d4445e7e0f9045528b761b888
SHA-256: 3d1bd44b29a1aed7a6741f3ef3dce6f12ad7ae7709bf88ffc476fc1b45fbf15f
Size: 288.90 kB