ALSA-2023:4523

Source

https://errata.almalinux.org/8/ALSA-2023-4523.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:4523.json

Related

• CVE-2023-27536
• CVE-2023-28321

Published

2023-08-08T00:00:00Z

Modified

2023-08-09T10:39:24Z

Summary

Moderate: curl security update

Details

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

• curl: GSS delegation too eager connection re-use (CVE-2023-27536)
• curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

• https://access.redhat.com/errata/RHSA-2023:4523
• https://access.redhat.com/security/cve/CVE-2023-27536
• https://access.redhat.com/security/cve/CVE-2023-28321
• https://bugzilla.redhat.com/2179092
• https://bugzilla.redhat.com/2196786
• https://errata.almalinux.org/8/ALSA-2023-4523.html