RLSA-2023:4523

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2023:4523.json

Related

CVE-2023-27536
CVE-2023-28321

Published

2023-10-06T23:10:01.903350Z

Modified

2023-10-06T23:11:38.957990Z

Summary

Moderate: curl security update

Details

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: GSS delegation too eager connection re-use (CVE-2023-27536)
curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://errata.rockylinux.org/RLSA-2023:4523
https://bugzilla.redhat.com/show_bug.cgi?id=2179092
https://bugzilla.redhat.com/show_bug.cgi?id=2196786

Affected packages

Rocky Linux:8 / curl

Package

Name: curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:7.61.1-30.el8_8.3