RHSA-2023:2963: Low: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.Security Fix(es): curl: Incorrect handling of control code characters in cookies (CVE-2022-35252) curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:2963?
RHSA-2023:2963 is categorized as a moderate severity vulnerability.
How do I fix RHSA-2023:2963?
To fix RHSA-2023:2963, update the curl package to version 7.61.1-30.el8 or later.
Which packages are affected by RHSA-2023:2963?
RHSA-2023:2963 affects the curl, libcurl, curl-debuginfo, and other associated packages.
What specific vulnerability does RHSA-2023:2963 address?
RHSA-2023:2963 addresses the incorrect handling of control code characters in cookies (CVE-2022-35252).
When was RHSA-2023:2963 released?
RHSA-2023:2963 was released on the date specified in the advisory by Red Hat.