Lucene search

K
oraclelinuxOracleLinuxELSA-2021-4511
HistoryNov 16, 2021 - 12:00 a.m.

curl security and bug fix update

2021-11-1600:00:00
linux.oracle.com
35
security update
bug fix
cve-2021-22947
cve-2021-22946
cve-2021-22925
cve-2021-22898
cve-2021-22924
cve-2021-22923
cve-2021-22922
unix
protocol injection

EPSS

0.009

Percentile

83.1%

[7.61.1-22]

  • fix STARTTLS protocol injection via MITM (CVE-2021-22947)
  • fix protocol downgrade required TLS bypass (CVE-2021-22946)
    [7.61.1-21]
  • fix TELNET stack contents disclosure again (CVE-2021-22925)
  • fix TELNET stack contents disclosure (CVE-2021-22898)
  • fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
  • disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded
    [7.61.1-20]
  • fix a cppchecks false positive in 0029-curl-7.61.1-CVE-2021-22876.patch
    [7.61.1-19]
  • make curl --head file:// work as expected (#1947493)
  • prevent automatic referer from leaking credentials (CVE-2021-22876)