ALSA-2023:6679
- Source
- https://errata.almalinux.org/9/ALSA-2023-6679.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:6679.json
- Related
- Published
- 2023-11-07T00:00:00Z
- Modified
- 2023-11-15T11:24:09Z
- Summary
- Moderate: curl security update
- Details
-
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: GSS delegation too eager connection re-use (CVE-2023-27536)
- curl: TELNET option IAC injection (CVE-2023-27533)
- curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
- curl: SSH connection too eager reuse still (CVE-2023-27538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2023:6679
- https://access.redhat.com/security/cve/CVE-2023-27533
- https://access.redhat.com/security/cve/CVE-2023-27534
- https://access.redhat.com/security/cve/CVE-2023-27536
- https://access.redhat.com/security/cve/CVE-2023-27538
- https://bugzilla.redhat.com/2179062
- https://bugzilla.redhat.com/2179069
- https://bugzilla.redhat.com/2179092
- https://bugzilla.redhat.com/2179103
- https://errata.almalinux.org/9/ALSA-2023-6679.html
Affected packages
AlmaLinux:9 / curl
Package
- Name
- curl
AlmaLinux:9 / curl-minimal
Package
- Name
- curl-minimal
AlmaLinux:9 / libcurl
Package
- Name
- libcurl
AlmaLinux:9 / libcurl-devel
Package
- Name
- libcurl-devel