curl security update

🗓️ 24 Aug 2022 15:12:40Reported by Rockylinux Product ErrataType

An update for curl affecting Rocky Linux 8, including fixes for HTTP compression denial of service and FTP-KRB bad message verification

Reporter	Title	Published	Views	Family All 256
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)	7 Oct 202218:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in cURL libcurl (CVE-2022-32208)	31 Mar 202316:58	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel, Golang Go, and cURL libcurl may affect IBM Spectrum Protect Plus	13 Dec 202219:27	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ is affected by a vulnerability in libcurl (CVE-2022-32206)	4 Nov 202212:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )	31 Jan 202314:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps	26 Mar 202502:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)	6 Oct 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.	15 Dec 202209:13	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	8	aarch64	curl	0:7.61.1-22.el8_6.4	curl-0:7.61.1-22.el8_6.4.aarch64.rpm
Rocky Linux	8	x86_64	curl	0:7.61.1-22.el8_6.4	curl-0:7.61.1-22.el8_6.4.x86_64.rpm
Rocky Linux	8	aarch64	curl-debuginfo	0:7.61.1-22.el8_6.4	curl-debuginfo-0:7.61.1-22.el8_6.4.aarch64.rpm
Rocky Linux	8	i686	curl-debuginfo	0:7.61.1-22.el8_6.4	curl-debuginfo-0:7.61.1-22.el8_6.4.i686.rpm
Rocky Linux	8	x86_64	curl-debuginfo	0:7.61.1-22.el8_6.4	curl-debuginfo-0:7.61.1-22.el8_6.4.x86_64.rpm
Rocky Linux	8	aarch64	curl-debugsource	0:7.61.1-22.el8_6.4	curl-debugsource-0:7.61.1-22.el8_6.4.aarch64.rpm
Rocky Linux	8	i686	curl-debugsource	0:7.61.1-22.el8_6.4	curl-debugsource-0:7.61.1-22.el8_6.4.i686.rpm
Rocky Linux	8	x86_64	curl-debugsource	0:7.61.1-22.el8_6.4	curl-debugsource-0:7.61.1-22.el8_6.4.x86_64.rpm
Rocky Linux	8	aarch64	libcurl	0:7.61.1-22.el8_6.4	libcurl-0:7.61.1-22.el8_6.4.aarch64.rpm
Rocky Linux	8	i686	libcurl	0:7.61.1-22.el8_6.4	libcurl-0:7.61.1-22.el8_6.4.i686.rpm

24 Aug 2022 15:12Current

8.2High risk

Vulners AI Score8.2

CVSS 24.3

CVSS 3.16.5

EPSS0.03367

SSVC