curl-7.76.1-19.el9.1
エラータID: AXSA:2023-5060:03
リリース日:
2023/02/10 Friday - 11:23
題名:
curl-7.76.1-19.el9.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- curl には、read コールバックを誤って使用してしまう問題があるため、
リモートの攻撃者により、read コールバックを使用する PUT リクエスト
に続く POST リクエストの発行を介して、不正なデータの送信やメモリ
の解放後利用を可能とする脆弱性が存在します。(CVE-2022-32221)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-32221
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
追加情報:
N/A
ダウンロード:
SRPMS
- curl-7.76.1-19.el9.1.src.rpm
MD5: d1290592f1b78bedd51b75c65843ab95
SHA-256: 98d8687db39452e2f0fc089e1414c3d3cb3ada2502cdcdbcbc26384c8e62da27
Size: 2.39 MB
Asianux Server 9 for x86_64
- curl-7.76.1-19.el9.1.x86_64.rpm
MD5: 9f249be377a1f30b5cd22d23662fa413
SHA-256: 38880f18b168e726029f4cc8ac8f28c5b2032d73f86d4e54614b46c120af94b9
Size: 294.63 kB - curl-minimal-7.76.1-19.el9.1.x86_64.rpm
MD5: 02bae1ab58fee552b74a73d566008cf6
SHA-256: 8d07c0e88861055f7a6d29b382374c9c9fa3e3ff37392bcd6a1c0af04b067ae7
Size: 128.27 kB - libcurl-7.76.1-19.el9.1.x86_64.rpm
MD5: 3b5d52102c907b39ff8b6a4ecb7ca88e
SHA-256: 162c105eda6f3b9537f42616c988f9f0ee5d94b9f76e7cd29fd7fe8e46b47f0b
Size: 285.36 kB - libcurl-devel-7.76.1-19.el9.1.x86_64.rpm
MD5: d6863fc131d7fd86be7cdccc2593c67d
SHA-256: e99b712382059c0990f11c7af7863cbafe65b24afada06110e43e6d3bf959def
Size: 850.13 kB - libcurl-minimal-7.76.1-19.el9.1.x86_64.rpm
MD5: 28e61b05113606d9e43b08e35fddb5fe
SHA-256: 9054345deefab245b2fbd3e7d26d43813567a1c5eba3041ce4e84390e9276dc9
Size: 226.00 kB - libcurl-7.76.1-19.el9.1.i686.rpm
MD5: cd4b87660205afb8f3cf33d2bcee1b74
SHA-256: 3342bb6c7047d6116bdaf4209836389dd4fb3926483b94c5b86d4ae5b489ce4b
Size: 311.21 kB - libcurl-devel-7.76.1-19.el9.1.i686.rpm
MD5: dd1d61cb04a5df332015cb3299d9d1f8
SHA-256: d5ed0da5dedf1f84e6713670dbfe62222927820a7712431e96865066daf2eb00
Size: 850.17 kB - libcurl-minimal-7.76.1-19.el9.1.i686.rpm
MD5: b6dee15cbf8854b8b1cc0f8f82b571ed
SHA-256: 67e1a59ad2627223dc9088870a987e5bb5a89f4fb5725289822b1950744b7852
Size: 246.35 kB