CLSA-2021-1635459163

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2021-1635459163

Upstream

CVE-2021-22946

CVE-2021-22947

Published

2021-10-28T22:12:43Z

Modified

2026-06-04T09:45:31.470109657Z

Summary

Fix CVE(s): CVE-2021-22946, CVE-2021-22947

Details

SECURITY UPDATE: Protocol downgrade required TLS bypassed
- debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over HTTPS proxy in lib/ftp.c, lib/urldata.h.
- debian/patches/CVE-2021-22946-pre2.patch: support PREAUTH response code in lib/imap.c, lib/imap.h, tests/data/Makefile.inc, tests/data/test846.
- debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc, tests/data/test984, tests/data/test985, tests/data/test986.
- CVE-2021-22946
SECURITY UPDATE: STARTTLS protocol injection via MITM
- debian/patches/CVE-2021-22947.patch: reject STARTTLS server response pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c, tests/data/Makefile.inc, tests/data/test980, tests/data/test981, tests/data/test982, tests/data/test983.
- CVE-2021-22947

References

https://errata.cloudlinux.com/ubuntu16_04/CLSA-2021-1635459163

Affected packages

TuxCare:Ubuntu:16.04

curl

Package

Name: curl
Purl: pkg:deb/tuxcare/curl?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl3

Package

Name: libcurl3
Purl: pkg:deb/tuxcare/libcurl3?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl3-gnutls

Package

Name: libcurl3-gnutls
Purl: pkg:deb/tuxcare/libcurl3-gnutls?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl3-nss

Package

Name: libcurl3-nss
Purl: pkg:deb/tuxcare/libcurl3-nss?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl4-doc

Package

Name: libcurl4-doc
Purl: pkg:deb/tuxcare/libcurl4-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl4-gnutls-dev

Package

Name: libcurl4-gnutls-dev
Purl: pkg:deb/tuxcare/libcurl4-gnutls-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl4-nss-dev

Package

Name: libcurl4-nss-dev
Purl: pkg:deb/tuxcare/libcurl4-nss-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"

libcurl4-openssl-dev

Package

Name: libcurl4-openssl-dev
Purl: pkg:deb/tuxcare/libcurl4-openssl-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.23

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459163.json"