Lucene search

AmazonALAS2-2021-1724

HistoryDec 08, 2021 - 2:22 a.m.

Medium: curl

2021-12-0802:22:00

alas.aws.amazon.com

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.9 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

73.3%

JSON

Issue Overview:

A flaw was found in libcurl. When sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then try to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability. (CVE-2021-22945)

A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. An attacker controlling such servers could return a crafted response which could lead to curl client continue its operation without TLS encryption leading to data being transmitted in clear text over the network. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-22946)

A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as valid and authenticated and use them. An attacker could potentially use this flaw to carry out a Man-In-The-Middle attack. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-22947)

Affected Packages:

curl

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update curl to update your system.

New Packages:

aarch64:  
    curl-7.79.1-1.amzn2.0.1.aarch64  
    libcurl-7.79.1-1.amzn2.0.1.aarch64  
    libcurl-devel-7.79.1-1.amzn2.0.1.aarch64  
    curl-debuginfo-7.79.1-1.amzn2.0.1.aarch64  
  
i686:  
    curl-7.79.1-1.amzn2.0.1.i686  
    libcurl-7.79.1-1.amzn2.0.1.i686  
    libcurl-devel-7.79.1-1.amzn2.0.1.i686  
    curl-debuginfo-7.79.1-1.amzn2.0.1.i686  
  
src:  
    curl-7.79.1-1.amzn2.0.1.src  
  
x86_64:  
    curl-7.79.1-1.amzn2.0.1.x86_64  
    libcurl-7.79.1-1.amzn2.0.1.x86_64  
    libcurl-devel-7.79.1-1.amzn2.0.1.x86_64  
    curl-debuginfo-7.79.1-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2021-22945, CVE-2021-22946, CVE-2021-22947

Mitre: CVE-2021-22945, CVE-2021-22946, CVE-2021-22947

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64curl< 7.79.1-1.amzn2.0.1curl-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64libcurl< 7.79.1-1.amzn2.0.1libcurl-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64libcurl-devel< 7.79.1-1.amzn2.0.1libcurl-devel-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64curl-debuginfo< 7.79.1-1.amzn2.0.1curl-debuginfo-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux2i686curl< 7.79.1-1.amzn2.0.1curl-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux2i686libcurl< 7.79.1-1.amzn2.0.1libcurl-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux2i686libcurl-devel< 7.79.1-1.amzn2.0.1libcurl-devel-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux2i686curl-debuginfo< 7.79.1-1.amzn2.0.1curl-debuginfo-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux2x86_64curl< 7.79.1-1.amzn2.0.1curl-7.79.1-1.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64libcurl< 7.79.1-1.amzn2.0.1libcurl-7.79.1-1.amzn2.0.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	curl	< 7.79.1-1.amzn2.0.1	curl-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	libcurl	< 7.79.1-1.amzn2.0.1	libcurl-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	libcurl-devel	< 7.79.1-1.amzn2.0.1	libcurl-devel-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	curl-debuginfo	< 7.79.1-1.amzn2.0.1	curl-debuginfo-7.79.1-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	curl	< 7.79.1-1.amzn2.0.1	curl-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	libcurl	< 7.79.1-1.amzn2.0.1	libcurl-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	libcurl-devel	< 7.79.1-1.amzn2.0.1	libcurl-devel-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	curl-debuginfo	< 7.79.1-1.amzn2.0.1	curl-debuginfo-7.79.1-1.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	curl	< 7.79.1-1.amzn2.0.1	curl-7.79.1-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	x86_64	libcurl	< 7.79.1-1.amzn2.0.1	libcurl-7.79.1-1.amzn2.0.1.x86_64.rpm