Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2021-202-02
HistoryJul 21, 2021 - 6:22 p.m.

[slackware-security] curl

2021-07-2118:22:03
Slackware Linux Project
www.slackware.com
73

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/curl-7.78.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
CURLOPT_SSLCERT mixup with Secure Transport
TELNET stack contents disclosure again
Bad connection reuse due to flawed path name checks
Metalink download sends credentials
Wrong content via metalink not discarded
For more information, see:
https://vulners.com/cve/CVE-2021-22926
https://vulners.com/cve/CVE-2021-22925
https://vulners.com/cve/CVE-2021-22924
https://vulners.com/cve/CVE-2021-22923
https://vulners.com/cve/CVE-2021-22922
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the โ€œGet Slackโ€ section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.78.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.78.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.78.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.78.0-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.78.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.78.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.78.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.78.0-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
36c0577e4fb5ec3916ca08723c02745d curl-7.78.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
89bdac9fbe9219ff4feb03a2c879bea9 curl-7.78.0-x86_64-1_slack14.0.txz

Slackware 14.1 package:
b5fbcd000bf09c0a46d1ad6ff369f91a curl-7.78.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
53d76579584b6ede3487d7f7eb915ba9 curl-7.78.0-x86_64-1_slack14.1.txz

Slackware 14.2 package:
91be99e064eda0e0f6099495ba21117d curl-7.78.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
c99a8249e4b1b37dc01c17545d6346e3 curl-7.78.0-x86_64-1_slack14.2.txz

Slackware -current package:
305305032335ed9455dd253f331b43f7 n/curl-7.78.0-i586-1.txz

Slackware x86_64 -current package:
0cb3ee1ff68eac68483d529146a28b23 n/curl-7.78.0-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg curl-7.78.0-i586-1_slack14.2.txz

Related

nessus 54
photon 11
suse 2
mageia 1
redhat 21
rocky 2
amazon 2
archlinux 6
osv 14
almalinux 2
oraclelinux 2
fedora 4
freebsd 1
cloudfoundry 1
ubuntu 3
ibm 11
hackerone 5
alpinelinux 5
prion 5
cve 5
cbl_mariner 10
redhatcve 5
ubuntucve 5
veracode 5
debiancve 4
f5 1
cloudlinux 2
githubexploit 1
debian 3
ics 3
gentoo 1
apple 2
nessus
nessus
EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-2769)
2021-11-17 00:00:00
Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2021-202-02)
2021-07-22 00:00:00
EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2682)
2021-11-11 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0069
2021-07-25 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0273
2021-07-24 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0069
2021-07-25 00:00:00
suse
suse
Security update for curl (moderate)
2021-07-21 00:00:00
Security update for curl (moderate)
2021-07-24 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2021-07-27 23:21:53
redhat
redhat
(RHSA-2021:3582) Moderate: curl security update
2021-09-21 07:12:18
(RHSA-2021:3903) Moderate: curl security update
2021-10-19 06:26:14
(RHSA-2021:4725) Moderate: OpenShift Virtualization 2.6.8 Images security and bug fix update
2021-11-17 18:35:17
rocky
rocky
curl security update
2021-09-21 07:12:18
curl security and bug fix update
2021-11-09 09:38:13
amazon
amazon
Medium: curl
2021-09-08 23:35:00
Medium: curl
2021-09-02 22:54:00
archlinux
archlinux
[ASA-202107-59] curl: multiple issues
2021-07-21 00:00:00
[ASA-202107-60] lib32-curl: multiple issues
2021-07-21 00:00:00
[ASA-202107-64] lib32-libcurl-gnutls: multiple issues
2021-07-21 00:00:00
osv
osv
Moderate: curl security update
2021-09-21 07:12:18
curl vulnerabilities
2021-07-22 18:17:55
CVE-2021-22926
2021-08-05 21:15:11
almalinux
almalinux
Moderate: curl security update
2021-09-21 07:12:18
Moderate: curl security and bug fix update
2021-11-09 09:38:13
oraclelinux
oraclelinux
curl security update
2021-09-21 00:00:00
curl security and bug fix update
2021-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34
2021-07-23 01:06:01
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
2021-08-07 01:14:48
[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34
2021-09-21 15:33:29
freebsd
freebsd
cURL -- Multiple vulnerabilities
2021-07-21 00:00:00
cloudfoundry
cloudfoundry
USN-5021-1: curl vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2021-07-22 00:00:00
curl vulnerability
2022-01-20 00:00:00
curl vulnerabilities
2023-02-27 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2021-11-01 20:13:42
Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926)
2022-05-20 13:05:57
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22924)
2022-04-22 14:34:57
hackerone
hackerone
curl: CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport
2021-06-15 15:39:06
curl: CVE-2021-22922: Wrong content via metalink not discarded
2021-05-30 20:49:36
curl: CVE-2021-22923: Metalink download sends credentials
2021-05-30 21:32:16
alpinelinux
alpinelinux
CVE-2021-22926
2021-08-05 21:15:00
CVE-2021-22925
2021-08-05 21:15:00
CVE-2021-22924
2021-08-05 21:15:00
prion
prion
Design/Logic Flaw
2021-08-05 21:15:00
Default credentials
2021-08-05 21:15:00
Code injection
2021-08-05 21:15:00
cve
cve
CVE-2021-22923
2021-08-05 21:15:00
CVE-2021-22926
2021-08-05 21:15:00
CVE-2021-22924
2021-08-05 21:15:00
cbl_mariner
cbl_mariner
CVE-2021-22926 affecting package curl 7.76.0-6
2022-04-09 06:51:45
CVE-2021-22923 affecting package curl 7.76.0-6
2022-04-09 06:51:45
CVE-2021-22922 affecting package curl 7.76.0-9
2021-08-11 06:39:26
redhatcve
redhatcve
CVE-2021-22926
2021-10-20 18:48:55
CVE-2021-22923
2021-07-21 09:20:09
CVE-2021-22924
2021-07-21 09:20:09
ubuntucve
ubuntucve
CVE-2021-22926
2021-08-05 00:00:00
CVE-2021-22922
2021-07-21 00:00:00
CVE-2021-22923
2021-07-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-26 09:26:18
Wrong Content
2021-07-22 05:50:53
Information Disclosure
2021-07-22 05:01:40
debiancve
debiancve
CVE-2021-22923
2021-08-05 21:15:00
CVE-2021-22922
2021-08-05 21:15:00
CVE-2021-22924
2021-08-05 21:15:00
f5
f5
K54308152 : cURL vulnerability CVE-2021-22923
2021-08-03 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22924
2021-09-21 22:10:36
Fix of CVE: CVE-2021-22925
2021-09-21 22:05:44
githubexploit
githubexploit
Exploit for Use of Incorrectly-Resolved Name or Reference in Haxx Libcurl
2022-04-30 03:40:15
debian
debian
[SECURITY] [DLA 2734-1] curl security update
2021-08-13 04:32:15
[SECURITY] [DLA 3085-1] curl security update
2022-08-28 23:00:51
[SECURITY] [DSA 5197-1] curl security update
2022-08-01 16:58:44
ics
ics
Siemens Industrial Devices using libcurl (Update B)
2022-08-11 12:00:00
Siemens SINEC INS
2022-03-10 12:00:00
Siemens SINEMA Remote Connect Server
2022-06-16 12:00:00
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
apple
apple
About the security content of Security Update 2021-005 Catalina
2021-09-13 00:00:00
About the security content of macOS Big Sur 11.6
2021-09-13 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON
Related for SSA-2021-202-02
nessus54photon11suse2mageia1redhat21rocky2amazon2archlinux6osv14almalinux2oraclelinux2fedora4freebsd1cloudfoundry1ubuntu3ibm11hackerone5alpinelinux5prion5cve5cbl_mariner10redhatcve5ubuntucve5veracode5debiancve4f51cloudlinux2githubexploit1debian3ics3gentoo1apple2