MiracleLinux 8 : curl-7.61.1-33.el8_9.5 (AXSA:2024-7656:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7656:02 advisory. curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218) curl: more POST-after-PUT confusion (CVE-2023-28322) curl: cookie injectio...
curl security and bug fix update
An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The curl packages provide the libcurl library and the curl utility for downloadi...
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
ALSA-2024:1601 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218) curl: more POST-after-PUT confusion...
Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218) curl: more POST-after-PUT confusion...
curl: more POST-after-PUT confusion
A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application...
curl: more POST-after-PUT confusion
A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RHEL 9 : curl (RHSA-2023:5598)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5598 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
curl: more POST-after-PUT confusion
A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application...
curl: more POST-after-PUT confusion
A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RHEL 9 : curl (RHSA-2023:4354)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4354 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321) curl: more POST-after-PUT confusion...
CLSA-2023-1688070599 Fix CVE(s): CVE-2023-28322, CVE-2023-28321
SECURITY UPDATE: More POST-after-PUT confusion - debian/patches/CVE-2023-28322.patch: fix mess in upload/method handling - CVE-2023-28322 SECURITY UPDATE: incorrect IDN wildcard match - debian/patches/CVE-2023-28321.patch: fix erroneous logic in wildcard handling, drop support for wildcards in th...
CLSA-2023-1688070248 Fix CVE(s): CVE-2023-28322
SECURITY UPDATE: More POST-after-PUT confusion - debian/patches/CVE-2023-28322.patch: fix mess in upload/method handling - CVE-2023-28322...
SUSE: Security Advisory (SUSE-SU-2023:2227-1)
The remote host is missing an update for the...
more POST-after-PUT confusion
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
SUSE-SU-2023:2228-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). -...
curl -- multiple vulnerabilities
Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa report: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21. Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02. Low...