curl-7.76.1-23.el9
Errata ID: AXSA:2023-5467:07
Release date:
2023/05/23 Tuesday - 07:57
Title:
curl-7.76.1-23.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Low
Description:
The following items have been addressed.
[Security Fix]
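- curl has an issue where it accepts cookies containing control characters,
resulting in a vulnerability that allows a denial-of-service attack via the
sending of cookies containing control characters. (CVE-2022-35252)
- curl has a vulnerability that causes a use-after-free when tunneling of the
SMB or TELNET protocol is denied. (CVE-2022-43552)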
Solution:
Update the packages.
CVE:
CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Additional information:
N/A
Downloads:
SRPMS
- curl-7.76.1-23.el9.src.rpm
MD5: af3e54c4fac08d70103903c6bb50e403
SHA-256: 00b858ac2147d5587f59fb9d4105a11164c55656e9ed8df74763821f191fce30
Size: 2.40 MB
Asianux Server 9 for x86_64
- curl-7.76.1-23.el9.x86_64.rpm
MD5: c4926aac74b06b0751d7c884970a67ef
SHA-256: f123acc51785e7388b3996afcaef02a155a799b074adc043485379e7d46fd938
Size: 294.48 kB
- curl-minimal-7.76.1-23.el9.x86_64.rpm
MD5: c0487eb1aa0829ce35d4f8a63cf062d7
SHA-256: c7723bab6fe3f6068b415b9a5ed1081939d72dba8633110ac616cb5c500b617b
Size: 127.88 kB
- libcurl-7.76.1-23.el9.i686.rpm
MD5: d7747805c8f7ddf009e4fc89844eadbb
SHA-256: 7600ceb152e9f496b378f6c6a3530c0e7baaca4571787ac9d3cbe51bcee145a5
Size: 310.94 kB
- libcurl-7.76.1-23.el9.x86_64.rpm
MD5: 1fbc951e204d97077a0a9f51ef89a01e
SHA-256: 3615ba997b3f3115ad8867960d53f4da18b2f7e07359ea4a08ee48be6bea6c7c
Size: 284.95 kB
- libcurl-devel-7.76.1-23.el9.i686.rpm
MD5: d1582c062dbd6d7c8d19ec478204df25
SHA-256: a03c87c07681af83964fa6328b262a7037acebe3f7c6bddf43009c0e5e7c9bc5
Size: 849.80 kB
- libcurl-devel-7.76.1-23.el9.x86_64.rpm
MD5: ba3e3e7bb27ea50a234606fbb7f8bd45
SHA-256: c83aea61660270ebda8b60f175860eddfd246cabf7218fbb0deaae64adb97321
Size: 849.76 kB
- libcurl-minimal-7.76.1-23.el9.i686.rpm
MD5: 67b6ed72a0b34fe709c26f57f87c8e1c
SHA-256: e28854d6a1b5eb2eb20e57f016dc9625da79bdb0f387af1fc515cfd29b87b4ab
Size: 246.09 kB
- libcurl-minimal-7.76.1-23.el9.x86_64.rpm
MD5: 46abae09f8fcaeac1802b9f94a37dd25
SHA-256: 3b4ad88d6f293640a13d346e8a4d54212e38e76b4033a9afc358687dcb47d1ac
Size: 225.75 kB