curl-7.61.1-30.el8
Errata ID: AXSA:2023-5803:08
Release date:
2023/06/05 Monday - 06:17
Title:
curl-7.61.1-30.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Low
Description:
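The following issues have been addressed.
[Security Fix]
- curl accepts cookies that contain control characters, so a
vulnerability exists that allows a denial-of-service attack by way of
sending cookies that contain control characters. (CVE-2022-35252)
- curl has a use-after-free vulnerability that is triggered when
tunneling of the SMB or TELNET protocol is denied.
(CVE-2022-43552)
Solution:
Update the packages.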
CVE:
CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Additional information:
N/A
Download:
SRPMS
- curl-7.61.1-30.el8.src.rpm
MD5: d1b85eb128958c5373893329bd44553d
SHA-256: d360f77eda95cd5f89adc5d9da3fc0f5aedecc132ac3bb38a09765fd094324e8
Size: 2.43 MB
Asianux Server 8 for x86_64
- curl-7.61.1-30.el8.x86_64.rpm
MD5: 4f94b3cbc0ce41874f7e8ba575768e11
SHA-256: a825fcb4ceed522cc27f3e46ed9d690f797bfc53d7224818786cbe8ae7c997f6
Size: 351.55 kB
- libcurl-7.61.1-30.el8.i686.rpm
MD5: 660885382b804eb6cd7bf79ef60baa79
SHA-256: ac1e8fa38356232c847d616afca0a16b578aecd94d3d27039dd0218debdb48b6
Size: 329.69 kB
- libcurl-7.61.1-30.el8.x86_64.rpm
MD5: 7df85515b66a626f76fa006d6ab72252
SHA-256: 846efff2901824c1f8e803812d309b5e585b55814238b436b6ca1df2f1788951
Size: 301.61 kB
- libcurl-devel-7.61.1-30.el8.i686.rpm
MD5: 88becbbf665cd257ed29d0dd4bb2eef1
SHA-256: 06428ac4785be7e45b6f43c7f640fc04d3e71282ba94b2fa0a06c6d1a7a8c672
Size: 833.80 kB
- libcurl-devel-7.61.1-30.el8.x86_64.rpm
MD5: 8699611c6541142db37809f8fc4c89a8
SHA-256: 551a5fa8b8c4e719d986900154bfc121b4f8940f2ad21abe1afc32f865f3310f
Size: 833.76 kB
- libcurl-minimal-7.61.1-30.el8.i686.rpm
MD5: 1bf7c6b65b8b75a6aecc550ef917e3b4
SHA-256: edf40dbb913154e17fa871e14a18bfc98ae8d5a4319bf0d9fbac2ec9b27911c1
Size: 314.75 kB
- libcurl-minimal-7.61.1-30.el8.x86_64.rpm
MD5: 3888f28dd354b53df18184793b1ad774
SHA-256: eda5c1de4e09d15c6628844ad219af0e1fd9f7f742b333c724020a4cd3dcc06c
Size: 288.15 kB