RHSA-2023:2478: Low: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.Security Fix(es): curl: Incorrect handling of control code characters in cookies (CVE-2022-35252) curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:2478?
The severity of RHSA-2023:2478 is categorized as moderate due to the potential for security vulnerabilities in the curl packages.
How do I fix RHSA-2023:2478?
To fix RHSA-2023:2478, you should update the curl packages to version 7.76.1-23.el9 or later.
What vulnerabilities are addressed in RHSA-2023:2478?
RHSA-2023:2478 addresses vulnerabilities including CVE-2022-35252 related to incorrect handling of control code characters in cookies.
Which packages are affected by RHSA-2023:2478?
Affected packages in RHSA-2023:2478 include curl, libcurl, curl-debuginfo, and others versioned below 7.76.1-23.el9.
Is it safe to use curl after applying the updates for RHSA-2023:2478?
Yes, using curl after applying the updates for RHSA-2023:2478 is safe as the vulnerabilities will be mitigated.