curl-7.76.1-23.el9.1
Errata ID: AXSA:2023-6065:09
Release date:
2023/06/16 Friday - 04:21
Title:
curl-7.76.1-23.el9.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
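The following issues have been addressed.
[Security Fix]
- libcurl does not sufficiently check credentials in its FTP
connection reuse feature, resulting in a vulnerability that allows
a remote attacker to disclose sensitive information. (CVE-2023-27535)
Solution:
Update the package.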
CVE:
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
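The C sketch below is an added illustration, not code from libcurl or from this advisory. It models a connection-pool match that ignores the four FTP settings named above beside one that compares them. The struct, field and function names are hypothetical, and the host/user/password comparison in the loose match is an assumed baseline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; field names are hypothetical, not libcurl's own structs. */
struct ftp_cfg {
    const char *host, *user, *passwd;
    const char *account;      /* CURLOPT_FTP_ACCOUNT */
    const char *alt_to_user;  /* CURLOPT_FTP_ALTERNATIVE_TO_USER */
    long use_ssl;             /* CURLOPT_USE_SSL level */
    long ssl_ccc;             /* CURLOPT_FTP_SSL_CCC mode */
};

/* NULL-safe compare: two unset values match, unset vs. set does not. */
static bool str_eq(const char *a, const char *b) {
    return (!a || !b) ? a == b : strcmp(a, b) == 0;
}

/* Loose match (assumed baseline): the four FTP settings are ignored. */
bool match_loose(const struct ftp_cfg *p, const struct ftp_cfg *w) {
    return str_eq(p->host, w->host) && str_eq(p->user, w->user) &&
           str_eq(p->passwd, w->passwd);
}

/* Strict match: also compares the settings named in the CVE text. */
bool match_strict(const struct ftp_cfg *p, const struct ftp_cfg *w) {
    return match_loose(p, w) && str_eq(p->account, w->account) &&
           str_eq(p->alt_to_user, w->alt_to_user) &&
           p->use_ssl == w->use_ssl && p->ssl_ccc == w->ssl_ccc;
}

/* Index of the first reusable pooled connection, or -1 (open a new one). */
int find_reusable(const struct ftp_cfg *pool, size_t n, const struct ftp_cfg *want,
                  bool (*match)(const struct ftp_cfg *, const struct ftp_cfg *)) {
    for (size_t i = 0; i < n; i++)
        if (match(&pool[i], want)) return (int)i;
    return -1;
}

int main(void) {
    /* Constructed sample: same host and login, different FTP account. */
    struct ftp_cfg pooled = {"ftp.example.test", "alice", "pw", "acct-A", NULL, 0, 0};
    struct ftp_cfg want = pooled;
    want.account = "acct-B";
    printf("loose: %d, strict: %d\n", find_reusable(&pooled, 1, &want, match_loose),
           find_reusable(&pooled, 1, &want, match_strict));
    return 0;
}
```

With the loose match, the transfer that asked for a different account is handed the pooled connection. With the strict match it gets -1 and a new connection is opened.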
Additional information:
N/A
Download:
SRPMS
- curl-7.76.1-23.el9.1.src.rpm
MD5: a00a4b26cf9f77bda15e72bfd22dfbd9
SHA-256: 835c74161273688b62106b724b9ee4fd6cf1f2d3ec2cab7a96fe472b417eb863
Size: 2.40 MB
Asianux Server 9 for x86_64
- curl-7.76.1-23.el9.1.x86_64.rpm
MD5: 0fd426fe291b12c7d4664d3f9e0ba42f
SHA-256: c5687099025a2db318993872b4ded5d3c56997b46b610319fb2ee2318bd3e18d
Size: 294.19 kB
- curl-minimal-7.76.1-23.el9.1.x86_64.rpm
MD5: 1f174baddebe8cfcd89af18b7f49b14b
SHA-256: 8aa91b3e681a0e35bb3b1aeb7ed96c06e0133f5037634e9f38ad0eca3078b9bf
Size: 127.91 kB
- libcurl-7.76.1-23.el9.1.i686.rpm
MD5: ff7b1c9aa28b8d53a7626f2f54d2ec58
SHA-256: 01969e7f7b4e36725bf3d52adc0aa8020fb5ecc160a61efa3e16282c8b640000
Size: 311.40 kB
- libcurl-7.76.1-23.el9.1.x86_64.rpm
MD5: 7f0d8f2660525032d0b95d5427c01bc2
SHA-256: 1856a1a9e29ddac07ce19eb806f7a297dd2d12f5af018092450ca0947065b0ff
Size: 284.99 kB
- libcurl-devel-7.76.1-23.el9.1.i686.rpm
MD5: ab74a12d225f3cde46dd3268332d4fea
SHA-256: e6d80ae346d4305f803ab17faa7df71c3934a93ca9310723bca3a758697124a0
Size: 849.77 kB
- libcurl-devel-7.76.1-23.el9.1.x86_64.rpm
MD5: e2b61c53479f7541135c42205fbc068d
SHA-256: 5f7fb92dd34d8b1b6c927ddf3bff0239eb74a462eeef6af82e68d2df16d1001a
Size: 849.82 kB
- libcurl-minimal-7.76.1-23.el9.1.i686.rpm
MD5: df8755247b978b667415a454342bd6d9
SHA-256: a009a67458dffcd091bbbf66925936c0a8744633079bac0c7af85d6a3a12d55a
Size: 246.33 kB
- libcurl-minimal-7.76.1-23.el9.1.x86_64.rpm
MD5: 1145ccca3d4d8b733c1c971133dc9103
SHA-256: 2ab99b0ad2546a91903a65c62933945b5a37bca1167d62b4cb64de5c179d0885
Size: 225.95 kB