Lucene search
RedHatRHSA-2023:4523HistoryAug 08, 2023 - 7:21 a.m.
(RHSA-2023:4523) Moderate: curl security update
2023-08-0807:21:00
access.redhat.com
18
curl
gss delegation
idn wildcard
security update
cve-2023-27536
cve-2023-28321
download utility
file transfer
0.002 Low
EPSS
Percentile
59.8%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: GSS delegation too eager connection re-use (CVE-2023-27536)
-
curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | i686 | libcurl | < 7.61.1-30.el8_8.3 | libcurl-7.61.1-30.el8_8.3.i686.rpm |
| RedHat | 8 | aarch64 | libcurl-minimal | < 7.61.1-30.el8_8.3 | libcurl-minimal-7.61.1-30.el8_8.3.aarch64.rpm |
| RedHat | 8 | x86_64 | curl-debugsource | < 7.61.1-30.el8_8.3 | curl-debugsource-7.61.1-30.el8_8.3.x86_64.rpm |
| RedHat | 8 | i686 | curl-debugsource | < 7.61.1-30.el8_8.3 | curl-debugsource-7.61.1-30.el8_8.3.i686.rpm |
| RedHat | 8 | s390x | curl | < 7.61.1-30.el8_8.3 | curl-7.61.1-30.el8_8.3.s390x.rpm |
| RedHat | 8 | i686 | libcurl-devel | < 7.61.1-30.el8_8.3 | libcurl-devel-7.61.1-30.el8_8.3.i686.rpm |
| RedHat | 8 | s390x | curl-minimal-debuginfo | < 7.61.1-30.el8_8.3 | curl-minimal-debuginfo-7.61.1-30.el8_8.3.s390x.rpm |
| RedHat | 8 | i686 | libcurl-minimal-debuginfo | < 7.61.1-30.el8_8.3 | libcurl-minimal-debuginfo-7.61.1-30.el8_8.3.i686.rpm |
| RedHat | 8 | x86_64 | libcurl-debuginfo | < 7.61.1-30.el8_8.3 | libcurl-debuginfo-7.61.1-30.el8_8.3.x86_64.rpm |
| RedHat | 8 | x86_64 | libcurl-minimal | < 7.61.1-30.el8_8.3 | libcurl-minimal-7.61.1-30.el8_8.3.x86_64.rpm |
Related
nessus
nessus
Oracle Linux 8 : curl (ELSA-2023-4523)
2023-08-15 00:00:00
RHEL 8 : curl (RHSA-2023:4523)
2023-08-08 00:00:00
AlmaLinux 8 : curl (ALSA-2023:4523)
2023-08-09 00:00:00
osv
osv
Moderate: curl security update
2023-10-06 23:10:01
Moderate: curl security update
2023-08-08 00:00:00
CVE-2023-27536
2023-03-30 20:15:07
rocky
rocky
curl security update
2023-10-06 23:10:01
oraclelinux
oraclelinux
curl security update
2023-08-10 00:00:00
curl security update
2023-08-02 00:00:00
curl security update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: curl security update
2023-08-08 00:00:00
Moderate: curl security update
2023-08-01 00:00:00
Moderate: curl security update
2023-11-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-27536 affecting package rust for versions less than 1.72.0-2
2023-10-11 01:41:59
CVE-2023-28321 affecting package rust for versions less than 1.72.0-2
2023-10-11 01:41:59
CVE-2023-27536 affecting package curl for versions less than 8.0.1-1
2023-04-16 00:48:11
hackerone
hackerone
curl: CVE-2023-28321: IDN wildcard match
2023-04-17 16:54:15
curl: CVE-2023-27536: GSS delegation too eager connection re-use
2023-03-07 11:00:18
prion
prion
Input validation
2023-05-26 21:15:00
Authentication flaw
2023-03-30 20:15:00
cve
cve
CVE-2023-28321
2023-05-26 21:15:16
CVE-2023-27536
2023-03-30 20:15:07
ibm
ibm
cvelist
cvelist
CVE-2023-28321
2023-05-26 00:00:00
CVE-2023-27536
2023-03-30 00:00:00
veracode
veracode
Improper Certificate Validation
2023-06-07 10:17:40
Authentication Bypass
2023-03-21 00:30:20
Improper Certificate Validation
2023-06-06 16:56:36
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3121)
2023-11-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3425)
2023-12-15 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2750)
2023-09-11 00:00:00
ubuntucve
ubuntucve
CVE-2023-27536
2023-03-20 00:00:00
CVE-2023-28321
2023-05-17 00:00:00
redhatcve
redhatcve
CVE-2023-27536
2023-03-21 13:13:50
CVE-2023-28321
2023-05-17 09:27:51
debiancve
debiancve
CVE-2023-27536
2023-03-30 20:15:07
CVE-2023-28321
2023-05-26 21:15:16
alpinelinux
alpinelinux
CVE-2023-27536
2023-03-30 20:15:07
CVE-2023-28321
2023-05-26 21:15:16
redhat
redhat
(RHSA-2023:4889) Important: DevWorkspace Operator 0.22 release
2023-08-30 21:19:16
(RHSA-2023:5598) Moderate: curl security update
2023-10-10 14:20:03
(RHSA-2023:6292) Moderate: curl security update
2023-11-02 15:53:46
debian
debian
[SECURITY] [DLA 3613-1] curl security update
2023-10-11 11:49:26
[SECURITY] [DLA 3398-1] curl security update
2023-04-21 20:05:07
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37
2023-06-08 02:00:39
[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38
2023-06-07 02:15:37
[SECURITY] Fedora 36 Update: curl-7.82.0-14.fc36
2023-04-09 01:41:25
amazon
amazon
Medium: curl
2023-04-13 19:01:00
Medium: curl
2023-08-31 22:29:00
cloudlinux
cloudlinux
curl: Fix of 3 CVEs
2023-04-14 16:45:12
ubuntu
ubuntu
curl vulnerabilities
2023-03-27 00:00:00
curl vulnerabilities
2023-09-11 00:00:00
curl vulnerabilities
2023-07-19 00:00:00
cloudfoundry
cloudfoundry
USN-6237-2: curl regression | Cloud Foundry
2023-08-10 00:00:00
USN-5964-2: curl vulnerabilities | Cloud Foundry
2023-04-24 00:00:00
USN-6237-1: curl vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
freebsd
freebsd
curl -- multiple vulnerabilities
2023-03-21 00:00:00
redos
redos
ROS-20230407-01
2023-04-07 00:00:00
ROS-20230621-04
2023-06-21 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2023-09-25 01:16:18
slackware
slackware
[slackware-security] curl
2023-05-17 21:00:11