Lucene search
AlmaLinuxALSA-2021:1610HistoryMay 18, 2021 - 5:39 a.m.
Moderate: curl security and bug fix update
2021-05-1805:39:00
errata.almalinux.org
30
EPSS
0.007
Percentile
80.5%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | x86_64 | curl | < 7.61.1-18.el8 | curl-7.61.1-18.el8.x86_64.rpm |
| almalinux | 8 | i686 | libcurl | < 7.61.1-18.el8 | libcurl-7.61.1-18.el8.i686.rpm |
| almalinux | 8 | x86_64 | libcurl | < 7.61.1-18.el8 | libcurl-7.61.1-18.el8.x86_64.rpm |
| almalinux | 8 | i686 | libcurl-devel | < 7.61.1-18.el8 | libcurl-devel-7.61.1-18.el8.i686.rpm |
| almalinux | 8 | x86_64 | libcurl-devel | < 7.61.1-18.el8 | libcurl-devel-7.61.1-18.el8.x86_64.rpm |
| almalinux | 8 | i686 | libcurl-minimal | < 7.61.1-18.el8 | libcurl-minimal-7.61.1-18.el8.i686.rpm |
| almalinux | 8 | x86_64 | libcurl-minimal | < 7.61.1-18.el8 | libcurl-minimal-7.61.1-18.el8.x86_64.rpm |
Related
rocky
rocky
curl security and bug fix update
2021-05-18 05:39:00
nessus
nessus
Oracle Linux 8 : curl (ELSA-2021-1610)
2021-05-26 00:00:00
CentOS 8 : curl (CESA-2021:1610)
2021-05-19 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-4665-1)
2020-12-09 00:00:00
oraclelinux
oraclelinux
curl security and bug fix update
2021-05-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4665-1)
2020-12-10 00:00:00
Mageia: Security Advisory (MGASA-2020-0482)
2022-01-28 00:00:00
Slackware: Security Advisory (SSA:2020-344-01)
2022-04-21 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2020-12-31 17:32:44
ubuntu
ubuntu
curl vulnerabilities
2020-12-09 00:00:00
curl vulnerabilities
2020-12-09 00:00:00
curl vulnerability
2020-08-19 00:00:00
cloudfoundry
cloudfoundry
USN-4665-1: curl vulnerabilities | Cloud Foundry
2021-01-12 00:00:00
USN-4466-1: curl vulnerability | Cloud Foundry
2020-09-24 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2020-12-23 00:00:00
osv
osv
curl vulnerabilities
2020-12-09 12:10:47
Moderate: curl security and bug fix update
2021-05-18 05:39:00
curl - security update
2020-12-18 00:00:00
redhat
redhat
amazon
amazon
Medium: curl
2021-08-04 20:32:00
Low: curl
2020-11-14 01:22:00
freebsd
freebsd
cURL -- Multiple vulnerabilities
2020-12-09 00:00:00
curl -- expired pointer dereference vulnerability
2020-08-19 00:00:00
ibm
ibm
suse
suse
Security update for curl (moderate)
2020-12-14 00:00:00
Security update for curl (moderate)
2020-12-13 00:00:00
Security update for curl (moderate)
2020-09-05 00:00:00
slackware
slackware
[slackware-security] curl
2020-12-09 21:22:01
[slackware-security] curl
2020-08-19 18:21:41
fedora
fedora
[SECURITY] Fedora 33 Update: curl-7.71.1-8.fc33
2020-12-15 01:22:19
[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32
2020-12-21 01:36:25
[SECURITY] Fedora 32 Update: curl-7.69.1-5.fc32
2020-08-21 01:11:30
photon
photon
debian
debian
[SECURITY] [DLA 2500-1] curl security update
2020-12-19 02:59:56
[SECURITY] [DSA 4881-1] curl security update
2021-03-31 09:30:31
[SECURITY] [DLA 2382-1] curl security update
2020-09-26 15:33:03
ubuntucve
ubuntucve
cbl_mariner
cbl_mariner
CVE-2020-8285 affecting package curl 7.68.0-5
2020-12-16 04:51:58
CVE-2020-8231 affecting package curl 7.68.0-5
2021-01-11 21:49:35
CVE-2020-8286 affecting package curl 7.68.0-5
2020-12-16 04:51:58
nvd
nvd
prion
prion
Stack overflow
2020-12-14 20:15:00
Input validation
2020-12-14 20:15:00
Code injection
2020-12-14 20:15:00
redhatcve
redhatcve
debiancve
debiancve
CVE-2020-8285
2020-12-14 20:15:13
CVE-2020-8231
2020-12-14 20:15:13
alpinelinux
alpinelinux
hackerone
hackerone
curl: CVE-2020-8285: FTP wildcard stack overflow
2020-11-27 22:59:28
curl: Connect-only connections can use the wrong connection
2020-07-31 20:57:36
f5
f5
K61186963 : cURL vulnerability CVE-2020-8285
2021-02-19 00:00:00
K15402727 : cURL vulnerability CVE-2020-8286
2021-02-19 00:00:00
K63525058 : cURL vulnerability CVE-2020-8284
2021-02-19 00:00:00
cve
cve
veracode
veracode
Insecure Connection Processing
2020-08-20 04:14:02
Denial Of Service (DoS)
2020-12-11 09:19:42
Phishing Attacks
2020-12-11 09:23:25
cvelist
cvelist