CLSA-2024-1711562558

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1711562558.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2024-1711562558
Upstream
Published
2024-03-27T18:02:41Z
Modified
2026-06-01T00:33:17.383631391Z
Summary
curl: Fix of 3 CVEs
Details
  • Moved tuxcare patches from 7.29.0-59.1.tuxcare.els2
  • CVE-2023-38546: cookie: remove unnecessary struct fields
  • CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse
  • CVE-2023-27534: fix SFTP path '~' resolving discrepancy
  • fix read off end of array for SCP home directory case
References

Affected packages

TuxCare:CentOS:7 / curl

Package

Name
curl
Purl
pkg:rpm/tuxcare/curl?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.29.0-59.el7_9.2.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1711562558.json"

TuxCare:CentOS:7 / libcurl

Package

Name
libcurl
Purl
pkg:rpm/tuxcare/libcurl?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.29.0-59.el7_9.2.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1711562558.json"

TuxCare:CentOS:7 / libcurl-devel

Package

Name
libcurl-devel
Purl
pkg:rpm/tuxcare/libcurl-devel?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.29.0-59.el7_9.2.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1711562558.json"