
RLSA-2024:1601

Security Mirrored from RHSA-2024:1601
Issued at: 2024-04-05
Updated at: 2024-04-05

Synopsis

Moderate: curl security and bug fix update



Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)

* curl: more POST-after-PUT confusion (CVE-2023-28322)

* curl: cookie injection with none file (CVE-2023-38546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* libssh (curl sftp) not trying password auth (BZ#2240033)

* libssh: cap SFTP packet size sent (Rocky Linux-5485)



Affected products

* Rocky Linux 8 aarch64
* Rocky Linux 8 x86_64

Fixes

* 2196793
* 2240033
* 2241938
* 2252030

CVEs

* CVE-2023-28322
* CVE-2023-38546
* CVE-2023-46218

Affected packages

Rocky Linux 8 aarch64 - BaseOS

* curl-0:7.61.1-33.el8_9.5.aarch64.rpm
* curl-0:7.61.1-33.el8_9.5.src.rpm
* curl-debuginfo-0:7.61.1-33.el8_9.5.aarch64.rpm
* curl-debugsource-0:7.61.1-33.el8_9.5.aarch64.rpm
* libcurl-0:7.61.1-33.el8_9.5.aarch64.rpm
* libcurl-debuginfo-0:7.61.1-33.el8_9.5.aarch64.rpm
* libcurl-devel-0:7.61.1-33.el8_9.5.aarch64.rpm
* libcurl-minimal-0:7.61.1-33.el8_9.5.aarch64.rpm
* libcurl-minimal-debuginfo-0:7.61.1-33.el8_9.5.aarch64.rpm

Rocky Linux 8 x86_64 - BaseOS

* curl-0:7.61.1-33.el8_9.5.src.rpm
* curl-0:7.61.1-33.el8_9.5.x86_64.rpm
* curl-debuginfo-0:7.61.1-33.el8_9.5.i686.rpm
* curl-debuginfo-0:7.61.1-33.el8_9.5.x86_64.rpm
* curl-debugsource-0:7.61.1-33.el8_9.5.i686.rpm
* curl-debugsource-0:7.61.1-33.el8_9.5.x86_64.rpm
* libcurl-0:7.61.1-33.el8_9.5.i686.rpm
* libcurl-0:7.61.1-33.el8_9.5.x86_64.rpm
* libcurl-debuginfo-0:7.61.1-33.el8_9.5.i686.rpm
* libcurl-debuginfo-0:7.61.1-33.el8_9.5.x86_64.rpm
* libcurl-devel-0:7.61.1-33.el8_9.5.i686.rpm
* libcurl-devel-0:7.61.1-33.el8_9.5.x86_64.rpm
* libcurl-minimal-0:7.61.1-33.el8_9.5.i686.rpm
* libcurl-minimal-0:7.61.1-33.el8_9.5.x86_64.rpm
* libcurl-minimal-debuginfo-0:7.61.1-33.el8_9.5.i686.rpm
* libcurl-minimal-debuginfo-0:7.61.1-33.el8_9.5.x86_64.rpm