curl-7.76.1-26.el9_3.3
Errata ID: AXSA:2024-7591:01
Release date:
2024/03/08 Friday - 18:05
Title:
curl-7.76.1-26.el9_3.3
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- Curl's function for matching cookie domains against the Public Suffix
List mishandles mixed-case input, which allows a remote attacker to
cause information disclosure (cookie data sent to unrelated sites)
through cookies set by a crafted web server. (CVE-2023-46218)
Solution:
Update the packages.
CVE:
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
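The mixed-case check described above, as an added example that is not curl's code or part of the original advisory: a simplified model in which the PSL lookup is either byte-exact (the flaw class) or case-folded (the hardened form). The three-entry list and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed three-entry stand-in for the Public Suffix List. */
static const char *const TOY_PSL[] = { "com", "uk", "co.uk" };

/* ASCII case-insensitive string equality. */
static bool eq_nocase(const char *a, const char *b)
{
  for(; *a && *b; a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return false;
  return *a == *b;
}

/* PSL lookup; exact=true models the flaw class (byte-for-byte compare). */
static bool is_public_suffix(const char *domain, bool exact)
{
  for(size_t i = 0; i < sizeof(TOY_PSL) / sizeof(TOY_PSL[0]); i++)
    if(exact ? !strcmp(domain, TOY_PSL[i]) : eq_nocase(domain, TOY_PSL[i]))
      return true;
  return false;
}

/* Host equals the domain or ends in "." + domain, ignoring case. */
static bool tail_match(const char *host, const char *domain)
{
  size_t hl = strlen(host), dl = strlen(domain);
  if(dl > hl || !eq_nocase(host + (hl - dl), domain))
    return false;
  return hl == dl || host[hl - dl - 1] == '.';
}

/* Accept a cookie domain only if it covers the host and is not a public suffix. */
bool cookie_domain_ok(const char *host, const char *domain, bool exact_psl)
{
  if(!*domain || !tail_match(host, domain))
    return false;
  return !is_public_suffix(domain, exact_psl);
}

int main(void)
{
  printf("exact compare accepts: %d, case-folded accepts: %d\n",
         cookie_domain_ok("curl.co.uk", "co.UK", true),
         cookie_domain_ok("curl.co.uk", "co.UK", false));
  return 0;
}
```

The host-to-domain tail match is case-insensitive in both modes, so the only thing standing between `co.UK` and acceptance is whether the suffix lookup folds case as well.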
Additional information:
N/A
Downloads:
SRPMS
- curl-7.76.1-26.el9_3.3.src.rpm
MD5: 8b23d79c2db36d4777105dc412fc4dc7
SHA-256: 52e4310ae69b9dfdf58fb6499c49b95f0fab8cf87f162e1db7137511510c1912
Size: 2.43 MB
Asianux Server 9 for x86_64
- curl-7.76.1-26.el9_3.3.x86_64.rpm
MD5: f26f69bb10bd40d82b4260107e54ab31
SHA-256: 5262f17a6a330f880bad5c64ef36f31f24d2beb8f92bf55e51ca1d6bdacb7818
Size: 293.08 kB
- curl-minimal-7.76.1-26.el9_3.3.x86_64.rpm
MD5: a0ac70b6339cf52c786e0a3724a15234
SHA-256: 6f122c5528b941db61f08584ce425002f832918844b5c7781e52e42fd275abcc
Size: 126.75 kB
- libcurl-7.76.1-26.el9_3.3.i686.rpm
MD5: 204616944bef62f01ae0651816ee31b2
SHA-256: 4922fd4a282bc4ee01cc4debef075ac50253d9eb164a6dcd02e18396dc2ae3a9
Size: 309.92 kB
- libcurl-7.76.1-26.el9_3.3.x86_64.rpm
MD5: 3543b81152903f8b91f4ad9f3e7443f5
SHA-256: cae697c567ff2df765b0d911ee744578c0ca83b370d24b5f033c2630e681feb7
Size: 283.86 kB
- libcurl-devel-7.76.1-26.el9_3.3.i686.rpm
MD5: f585524e00b93482e804b51537a42992
SHA-256: 7699660d0efd455f70209f42ba5a5c65b3c0565cb8a5a934cd6237fc6ebf733a
Size: 0.96 MB
- libcurl-devel-7.76.1-26.el9_3.3.x86_64.rpm
MD5: be6b41a97dad551c959a7749b601d75f
SHA-256: 18464e11891ec661e328c5923ae45a818ea3292c419a3f1b0bc8c4350ecec51f
Size: 0.96 MB
- libcurl-minimal-7.76.1-26.el9_3.3.i686.rpm
MD5: 50661177b04d15301157ac71c8e51f68
SHA-256: 57899c387def483281a2b5f9dbe21eb86a4eba27ad89a1bee4d6618b2b600293
Size: 244.88 kB
- libcurl-minimal-7.76.1-26.el9_3.3.x86_64.rpm
MD5: c1ccea171d4395f0ab5ca43e7e2bd201
SHA-256: 7312ae07126303cec05accad90097b7b8eea8586319e550b67eb54ce9af6a0e7
Size: 223.95 kB