curl-7.76.1-26.el9_3.3
Errata ID: AXSA:2024-7591:01
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
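A simplified model of the mixed-case flaw described above, added here as an illustration; it is not curl's code and not part of the original advisory. The three-entry `toy_psl` table and all function names are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed three-entry stand-in for the Public Suffix List. */
static const char *const toy_psl[] = { "com", "uk", "co.uk" };

/* Case-sensitive lookup, modelling a PSL matcher that expects lowercase input. */
static int is_public_suffix(const char *domain)
{
    for (size_t i = 0; i < sizeof(toy_psl) / sizeof(toy_psl[0]); i++)
        if (strcmp(domain, toy_psl[i]) == 0)
            return 1;
    return 0;
}

/* ASCII case-insensitive: does host equal domain or end with "." + domain? */
static int tail_match(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    if (dl == 0 || dl > hl)
        return 0;
    const char *tail = host + (hl - dl);
    for (size_t i = 0; i < dl; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)domain[i]))
            return 0;
    return hl == dl || tail[-1] == '.';
}

/* Flawed model: the cookie domain reaches the PSL lookup in its original case. */
int accept_cookie_flawed(const char *host, const char *domain)
{
    return tail_match(host, domain) && !is_public_suffix(domain);
}

/* Hardened model: lowercase the domain first so the PSL lookup cannot be dodged. */
int accept_cookie_fixed(const char *host, const char *domain)
{
    char lower[256];
    size_t n = strlen(domain);
    if (n >= sizeof(lower))
        return 0;               /* reject over-long domains outright */
    for (size_t i = 0; i <= n; i++)
        lower[i] = (char)tolower((unsigned char)domain[i]);
    return tail_match(host, lower) && !is_public_suffix(lower);
}
```

With host `curl.co.uk` and cookie domain `co.UK`, the flawed model accepts the cookie because the host match ignores case while the PSL lookup does not; the hardened model rejects it.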
Update packages.
N/A
SRPMS
- curl-7.76.1-26.el9_3.3.src.rpm
MD5: 8b23d79c2db36d4777105dc412fc4dc7
SHA-256: 52e4310ae69b9dfdf58fb6499c49b95f0fab8cf87f162e1db7137511510c1912
Size: 2.43 MB
Asianux Server 9 for x86_64
- curl-7.76.1-26.el9_3.3.x86_64.rpm
MD5: f26f69bb10bd40d82b4260107e54ab31
SHA-256: 5262f17a6a330f880bad5c64ef36f31f24d2beb8f92bf55e51ca1d6bdacb7818
Size: 293.08 kB
- curl-minimal-7.76.1-26.el9_3.3.x86_64.rpm
MD5: a0ac70b6339cf52c786e0a3724a15234
SHA-256: 6f122c5528b941db61f08584ce425002f832918844b5c7781e52e42fd275abcc
Size: 126.75 kB
- libcurl-7.76.1-26.el9_3.3.i686.rpm
MD5: 204616944bef62f01ae0651816ee31b2
SHA-256: 4922fd4a282bc4ee01cc4debef075ac50253d9eb164a6dcd02e18396dc2ae3a9
Size: 309.92 kB
- libcurl-7.76.1-26.el9_3.3.x86_64.rpm
MD5: 3543b81152903f8b91f4ad9f3e7443f5
SHA-256: cae697c567ff2df765b0d911ee744578c0ca83b370d24b5f033c2630e681feb7
Size: 283.86 kB
- libcurl-devel-7.76.1-26.el9_3.3.i686.rpm
MD5: f585524e00b93482e804b51537a42992
SHA-256: 7699660d0efd455f70209f42ba5a5c65b3c0565cb8a5a934cd6237fc6ebf733a
Size: 0.96 MB
- libcurl-devel-7.76.1-26.el9_3.3.x86_64.rpm
MD5: be6b41a97dad551c959a7749b601d75f
SHA-256: 18464e11891ec661e328c5923ae45a818ea3292c419a3f1b0bc8c4350ecec51f
Size: 0.96 MB
- libcurl-minimal-7.76.1-26.el9_3.3.i686.rpm
MD5: 50661177b04d15301157ac71c8e51f68
SHA-256: 57899c387def483281a2b5f9dbe21eb86a4eba27ad89a1bee4d6618b2b600293
Size: 244.88 kB
- libcurl-minimal-7.76.1-26.el9_3.3.x86_64.rpm
MD5: c1ccea171d4395f0ab5ca43e7e2bd201
SHA-256: 7312ae07126303cec05accad90097b7b8eea8586319e550b67eb54ce9af6a0e7
Size: 223.95 kB