curl-7.29.0-59.el7.2

エラータID: AXSA:2023-7014:15

Release date: 
Friday, December 15, 2023 - 01:55
Subject: 
curl-7.29.0-59.el7.2
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Solution: 

Update packages.

CVEs: 
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.29.0-59.el7.2.src.rpm
    MD5: 670cf3c6cbfa820e54c6b9883fb81c98
    SHA-256: 27c28c8cb3de6d256168459bf509ba4884b981790670c422c73045343578bdef
    Size: 2.33 MB

Asianux Server 7 for x86_64
  1. curl-7.29.0-59.el7.2.x86_64.rpm
    MD5: c01c2bb99ffd8eb71d01c22f9a4eaacc
    SHA-256: bb351ec290ac9da516521e2d2053ac50f3fe9b98d8266ef18080ae1e480c7abb
    Size: 270.04 kB
  2. libcurl-7.29.0-59.el7.2.i686.rpm
    MD5: 8a5bacc23a852f67aefbf331dddb20f7
    SHA-256: 472f4658192a00aebf3586442376fd8e7d5271d0200f2f3b7c562ecbcf3f03d5
    Size: 225.23 kB
  3. libcurl-7.29.0-59.el7.2.x86_64.rpm
    MD5: 0548c2dd32c3ace758c51dc7c7bf4db5
    SHA-256: fde44ec5c516bdc4e6ab3fad1dc3ff4309ac83f7afd6fa31e4b411c07d5a19c5
    Size: 222.52 kB
  4. libcurl-devel-7.29.0-59.el7.2.i686.rpm
    MD5: 13da3a2ed0a764449494b3f3ec482190
    SHA-256: 72fed2956914f551d66fbc5ceba636020fbe61b9867b54613ee98a0f0581197c
    Size: 302.37 kB
  5. libcurl-devel-7.29.0-59.el7.2.x86_64.rpm
    MD5: faf138911ff3666a28a65d6e78711518
    SHA-256: 4989ad65261033ff0168b2f3dd1c1a6d7c50433040f965e1fe0f7d9ee222f1d5
    Size: 302.30 kB