curl-7.76.1-29.el9_4.1

エラータID: AXSA:2024-8698:05

Release date: 
Thursday, August 22, 2024 - 15:05
Subject: 
curl-7.76.1-29.el9_4.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: HTTP/2 push headers memory-leak (CVE-2024-2398)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Solution: 

Update packages.

CVEs: 
CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
Additional Info: 

N/A

Download: 

SRPMS
  1. curl-7.76.1-29.el9_4.1.src.rpm
    MD5: 73baf7b887d9675bf133066fd9b3749e
    SHA-256: fe6d486a1f46667cd49d0ddbf14d977e79e61287aa752ad05c4fbbd6b9f199a6
    Size: 2.43 MB

Asianux Server 9 for x86_64
  1. curl-7.76.1-29.el9_4.1.x86_64.rpm
    MD5: a9db00758ce1c79b0a004a062490da5f
    SHA-256: ad81f6b010dd576ef2427136159461e5e3a6ae88fd24c689bc9f501b989e9eef
    Size: 292.88 kB
  2. curl-minimal-7.76.1-29.el9_4.1.x86_64.rpm
    MD5: 6d76d7734ff68ee0358674934c5bec1e
    SHA-256: 1101d52fffc02012527ea5cf4c794fea9a6a4334004c4815b1956165655ed7d8
    Size: 126.54 kB
  3. libcurl-7.76.1-29.el9_4.1.i686.rpm
    MD5: e933958382f30bc1d5b71a025ee6d8e9
    SHA-256: cf6e2f8b71f7c1a7051c46561c91808c687b1d5deb06fdeab40d7efbe72639ee
    Size: 309.65 kB
  4. libcurl-7.76.1-29.el9_4.1.x86_64.rpm
    MD5: 8dfc79037acd5cb3af001e63a457c691
    SHA-256: b41d42bb622097db2df62ab2f483451cd9df484963ab99ac5f2b561d8e54e746
    Size: 282.86 kB
  5. libcurl-devel-7.76.1-29.el9_4.1.i686.rpm
    MD5: a1583ba7fa26749a2fa0478e023e4053
    SHA-256: 40e398dacebfdcbe66e7889caaa436bdc4cd6331a9e1f90f6b26d71edbbfd04d
    Size: 0.96 MB
  6. libcurl-devel-7.76.1-29.el9_4.1.x86_64.rpm
    MD5: 808d265033cc0f5ac590551658537e99
    SHA-256: 1233fb4ec0c5dd8682a608986a10dfffdcc51dde20e1e6311254f174e98e303c
    Size: 0.96 MB
  7. libcurl-minimal-7.76.1-29.el9_4.1.i686.rpm
    MD5: f102790d7887b9f89a84595fb1319b1d
    SHA-256: 86c3296a855bc73118755ac9a5337a8b1de7c4a6cbf5366473026afbdbe0456c
    Size: 244.57 kB
  8. libcurl-minimal-7.76.1-29.el9_4.1.x86_64.rpm
    MD5: afd17c46b6b58a63aba7b72949e2aaf2
    SHA-256: e4563d305cf51c7b583487e840c75cbd0347189e0ac4f8be1dbfc7a6af5ab540
    Size: 224.33 kB