curl security and bug fix update

🗓️ 03 Apr 2024 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 270 Views

fixes for curl security vulnerabilitie

Reporter	Title	Published	Views	Family All 669
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, and Base Module affected by multiple vulnerabilities (CVE-2023-28322, CVE-2023-28320, CVE-2023-28319, CVE-2023-28321)	2 Oct 202316:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)	20 Nov 202315:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	15 Apr 202502:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to the Insertion of Sensitive Information Into Sent Data in the RHEL UBI (CVE-2023-46218)	5 Aug 202420:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	24 Jul 202317:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-28322)	19 Jan 202422:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)	14 Nov 202322:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V	18 Jun 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libcurl may affect IBM Storage Scale System (CVE-2023-28322)	4 Apr 202411:15	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	8	src	curl	7.61.1-33.el8_9.5	curl-7.61.1-33.el8_9.5.src.rpm
oracle linux	8	src	curl	7.61.1-33.el8_9.5	curl-7.61.1-33.el8_9.5.src.rpm
oracle linux	8	aarch64	curl	7.61.1-33.el8_9.5	curl-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	curl	7.61.1-33.el8_9.5	curl-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	libcurl	7.61.1-33.el8_9.5	libcurl-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	libcurl	7.61.1-33.el8_9.5	libcurl-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	libcurl-devel	7.61.1-33.el8_9.5	libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	libcurl-devel	7.61.1-33.el8_9.5	libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	libcurl-minimal	7.61.1-33.el8_9.5	libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm
oracle linux	8	aarch64	libcurl-minimal	7.61.1-33.el8_9.5	libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm

03 Apr 2024 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.16.5

EPSS0.00631

SSVC

rhel-5485 keyboard-interactive auth upload method handling cookie injection domain names cve-2023-28322 cve-2023-38546 cve-2023-46218