(RHSA-2023:3460) Moderate: curl security update

2023-06-0607:51:41

access.redhat.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: HTTP compression denial of service (CVE-2022-32206)
curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xcurl-debuginfo< 7.61.1-18.el8_4.3curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm
RedHat8s390xlibcurl< 7.61.1-18.el8_4.3libcurl-7.61.1-18.el8_4.3.s390x.rpm
RedHat8aarch64libcurl-devel< 7.61.1-18.el8_4.3libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm
RedHat8i686curl-debugsource< 7.61.1-18.el8_4.3curl-debugsource-7.61.1-18.el8_4.3.i686.rpm
RedHat8s390xlibcurl-devel< 7.61.1-18.el8_4.3libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm
RedHat8s390xcurl-debugsource< 7.61.1-18.el8_4.3curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm
RedHat8s390xlibcurl-debuginfo< 7.61.1-18.el8_4.3libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm
RedHat8aarch64curl-minimal-debuginfo< 7.61.1-18.el8_4.3curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm
RedHat8x86_64curl-debuginfo< 7.61.1-18.el8_4.3curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm
RedHat8x86_64libcurl-debuginfo< 7.61.1-18.el8_4.3libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	s390x	curl-debuginfo	< 7.61.1-18.el8_4.3	curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm
RedHat	8	s390x	libcurl	< 7.61.1-18.el8_4.3	libcurl-7.61.1-18.el8_4.3.s390x.rpm
RedHat	8	aarch64	libcurl-devel	< 7.61.1-18.el8_4.3	libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm
RedHat	8	i686	curl-debugsource	< 7.61.1-18.el8_4.3	curl-debugsource-7.61.1-18.el8_4.3.i686.rpm
RedHat	8	s390x	libcurl-devel	< 7.61.1-18.el8_4.3	libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm
RedHat	8	s390x	curl-debugsource	< 7.61.1-18.el8_4.3	curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm
RedHat	8	s390x	libcurl-debuginfo	< 7.61.1-18.el8_4.3	libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm
RedHat	8	aarch64	curl-minimal-debuginfo	< 7.61.1-18.el8_4.3	curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm
RedHat	8	x86_64	curl-debuginfo	< 7.61.1-18.el8_4.3	curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm
RedHat	8	x86_64	libcurl-debuginfo	< 7.61.1-18.el8_4.3	libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm