[Apollo] Advisories Statistics light light Login

RLSA-2023:5763

Security Mirrored from RHSA-2023:5763
Issued at: 2023-10-24
Updated at: 2023-10-24

Synopsis

Important: curl security update



Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545)

* curl: cookie injection with none file (CVE-2023-38546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64

Fixes

2241933 2241938

CVEs

CVE-2023-38545 CVE-2023-38546

Affected packages

Rocky Linux 9 aarch64 - BaseOS

curl-0:7.76.1-23.el9_2.4.aarch64.rpm curl-0:7.76.1-23.el9_2.4.src.rpm curl-debuginfo-0:7.76.1-23.el9_2.4.aarch64.rpm curl-debugsource-0:7.76.1-23.el9_2.4.aarch64.rpm curl-minimal-0:7.76.1-23.el9_2.4.aarch64.rpm curl-minimal-debuginfo-0:7.76.1-23.el9_2.4.aarch64.rpm libcurl-0:7.76.1-23.el9_2.4.aarch64.rpm libcurl-debuginfo-0:7.76.1-23.el9_2.4.aarch64.rpm libcurl-minimal-0:7.76.1-23.el9_2.4.aarch64.rpm libcurl-minimal-debuginfo-0:7.76.1-23.el9_2.4.aarch64.rpm

Rocky Linux 9 aarch64 - AppStream

curl-0:7.76.1-23.el9_2.4.src.rpm libcurl-devel-0:7.76.1-23.el9_2.4.aarch64.rpm