curl-7.29.0-59.el7.2

エラータID: AXSA:2023-7014:15

リリース日: 
2023/12/15 Friday - 01:55
題名: 
curl-7.29.0-59.el7.2
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

以下項目について対処しました。

[Security Fix]
- curl には、SMB または TELNET プロトコルのトンネリングが
拒否された際に解放後利用を引き起こす脆弱性が存在します。
(CVE-2022-43552)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. curl-7.29.0-59.el7.2.src.rpm
    MD5: 670cf3c6cbfa820e54c6b9883fb81c98
    SHA-256: 27c28c8cb3de6d256168459bf509ba4884b981790670c422c73045343578bdef
    Size: 2.33 MB

Asianux Server 7 for x86_64
  1. curl-7.29.0-59.el7.2.x86_64.rpm
    MD5: c01c2bb99ffd8eb71d01c22f9a4eaacc
    SHA-256: bb351ec290ac9da516521e2d2053ac50f3fe9b98d8266ef18080ae1e480c7abb
    Size: 270.04 kB
  2. libcurl-7.29.0-59.el7.2.i686.rpm
    MD5: 8a5bacc23a852f67aefbf331dddb20f7
    SHA-256: 472f4658192a00aebf3586442376fd8e7d5271d0200f2f3b7c562ecbcf3f03d5
    Size: 225.23 kB
  3. libcurl-7.29.0-59.el7.2.x86_64.rpm
    MD5: 0548c2dd32c3ace758c51dc7c7bf4db5
    SHA-256: fde44ec5c516bdc4e6ab3fad1dc3ff4309ac83f7afd6fa31e4b411c07d5a19c5
    Size: 222.52 kB
  4. libcurl-devel-7.29.0-59.el7.2.i686.rpm
    MD5: 13da3a2ed0a764449494b3f3ec482190
    SHA-256: 72fed2956914f551d66fbc5ceba636020fbe61b9867b54613ee98a0f0581197c
    Size: 302.37 kB
  5. libcurl-devel-7.29.0-59.el7.2.x86_64.rpm
    MD5: faf138911ff3666a28a65d6e78711518
    SHA-256: 4989ad65261033ff0168b2f3dd1c1a6d7c50433040f965e1fe0f7d9ee222f1d5
    Size: 302.30 kB