Lucene search
OracleLinuxELSA-2022-5313HistoryJun 30, 2022 - 12:00 a.m.
curl security update
2022-06-3000:00:00
linux.oracle.com
33
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
[7.61.1-22.el8_6.3]
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
[7.61.1-22.el8_6.2] - fix invalid type in printf() argument detected by Coverity
[7.61.1-22.el8_6.1] - fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | curl | < 7.61.1-22.el8_6.3 | curl-7.61.1-22.el8_6.3.src.rpm |
| oracle linux | 8 | aarch64 | curl | < 7.61.1-22.el8_6.3 | curl-7.61.1-22.el8_6.3.aarch64.rpm |
| oracle linux | 8 | aarch64 | libcurl | < 7.61.1-22.el8_6.3 | libcurl-7.61.1-22.el8_6.3.aarch64.rpm |
| oracle linux | 8 | aarch64 | libcurl-devel | < 7.61.1-22.el8_6.3 | libcurl-devel-7.61.1-22.el8_6.3.aarch64.rpm |
| oracle linux | 8 | aarch64 | libcurl-minimal | < 7.61.1-22.el8_6.3 | libcurl-minimal-7.61.1-22.el8_6.3.aarch64.rpm |
| oracle linux | 8 | src | curl | < 7.61.1-22.el8_6.3 | curl-7.61.1-22.el8_6.3.src.rpm |
| oracle linux | 8 | x86_64 | curl | < 7.61.1-22.el8_6.3 | curl-7.61.1-22.el8_6.3.x86_64.rpm |
| oracle linux | 8 | i686 | libcurl | < 7.61.1-22.el8_6.3 | libcurl-7.61.1-22.el8_6.3.i686.rpm |
| oracle linux | 8 | x86_64 | libcurl | < 7.61.1-22.el8_6.3 | libcurl-7.61.1-22.el8_6.3.x86_64.rpm |
| oracle linux | 8 | i686 | libcurl-devel | < 7.61.1-22.el8_6.3 | libcurl-devel-7.61.1-22.el8_6.3.i686.rpm |
Related
nessus
nessus
RHEL 8 : curl (RHSA-2022:5313)
2022-07-01 00:00:00
AlmaLinux 9 : curl (ALSA-2022:5245)
2022-11-16 00:00:00
AlmaLinux 8 : curl (5313) (ALSA-2022:5313)
2022-07-25 00:00:00
redhat
redhat
(RHSA-2022:5313) Moderate: curl security update
2022-06-28 10:52:02
(RHSA-2022:5245) Moderate: curl security update
2022-06-28 08:27:15
osv
osv
Moderate: curl security update
2022-06-28 10:52:02
Moderate: curl security update
2022-06-30 00:00:00
curl vulnerabilities
2022-04-28 18:23:23
rocky
rocky
curl security update
2022-06-28 10:52:02
oraclelinux
oraclelinux
curl security update
2022-06-30 00:00:00
almalinux
almalinux
Moderate: curl security update
2022-06-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2220
2023-08-22 13:18:19
fedora
fedora
[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35
2022-05-18 01:11:50
[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34
2022-05-24 01:41:08
[SECURITY] Fedora 36 Update: curl-7.82.0-4.fc36
2022-05-07 05:15:01
openvas
openvas
Fedora: Security Advisory for curl (FEDORA-2022-8277bef335)
2022-05-25 00:00:00
Fedora: Security Advisory for curl (FEDORA-2022-3d8f00cde2)
2022-05-18 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1991)
2022-07-08 00:00:00
slackware
slackware
[slackware-security] curl
2022-04-27 21:48:34
amazon
amazon
freebsd
freebsd
cURL -- Multiple vulnerabilities
2022-04-27 00:00:00
mediawiki -- multiple vulnerabilities
2022-05-16 00:00:00
cloudfoundry
cloudfoundry
USN-5397-1: curl vulnerabilities | Cloud Foundry
2022-05-23 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2022-05-02 22:44:52
Updated curl packages fix security vulnerability
2022-05-15 13:06:40
ubuntu
ubuntu
curl vulnerabilities
2022-04-28 00:00:00
redos
redos
ROS-20220516-09
2022-05-16 00:00:00
hackerone
hackerone
curl: CVE-2022-27776: Auth/cookie leak on redirect
2022-04-21 15:20:43
Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect
2022-04-27 07:10:47
Internet Bug Bounty: OAUTH2 bearer not-checked for connection re-use
2022-04-27 16:16:35
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0176
2022-04-30 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0388
2022-04-30 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0176
2022-04-30 00:00:00
suse
suse
Security update for curl (moderate)
2022-05-13 00:00:00
Security update for curl (important)
2022-05-27 00:00:00
debian
debian
[SECURITY] [DLA 3288-1] curl security update
2023-01-28 21:19:47
[SECURITY] [DSA 5197-1] curl security update
2022-08-01 16:58:44
[SECURITY] [DLA 3085-1] curl security update
2022-08-28 23:00:51
cve
cve
veracode
veracode
Authentication Bypass
2022-05-14 20:51:19
Authentication Bypass
2022-04-29 06:57:54
Information Disclosure
2022-04-30 16:23:48
cbl_mariner
cbl_mariner
CVE-2022-27782 affecting package curl 7.83.0-1
2022-07-01 21:02:21
CVE-2022-22576 affecting package curl 7.76.0-9
2022-05-12 02:16:39
CVE-2022-27774 affecting package curl 7.76.0-9
2022-05-12 02:16:39
prion
prion
Authentication flaw
2022-05-26 17:15:00
Design/Logic Flaw
2022-06-02 14:15:00
Design/Logic Flaw
2022-06-02 14:15:00
redhatcve
redhatcve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
debiancve
debiancve
broadcom
broadcom
mscve
mscve
cloudlinux
cloudlinux
Fixed CVE-2022-27782 in curl
2022-07-04 19:12:03
rubygems
rubygems
Authorization header leak on port redirect in mechanize
2022-06-08 21:00:00
github
github
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-21 16:57:10
Change in port should be considered a change in origin
2022-06-21 20:07:16
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
Related for ELSA-2022-5313