Red Hat Security Advisory 2023-7743-03 - An update for curl is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
61dbe3d2b3594ca5695aedfacb1df711d9c810c40b51103802dcc2651ee85a6eGentoo Linux Security Advisory 202310-12 - Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. Versions greater than or equal to 8.3.0-r2 are affected.
3d74f33aacaddb6a8bc503eb43a420da64cb7375f9303e7a1b65cded7a8b82f6Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.
b9b138ef5ed2017d1d6071fb95c69743b0800e58f2f41055d4d6bcb0d2caee06Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.
252acb6439c37d57d435d183f3aa4787523afbcaecc3e6fbfba5f267fd67ba49Red Hat Security Advisory 2023-3354-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
872079b042f0763e48a97309fcbc46a8880cc332bd629c972bb2a0f58175222aRed Hat Security Advisory 2023-3355-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
cced047a9c8b64215ce3e215ff5c91c3249ad0174bafa7de957f9317816d705dRed Hat Security Advisory 2023-2963-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include file download and use-after-free vulnerabilities.
006feb222afe5b1a95cbfec0de94409663f53491d7e4f71e806fdb198dcc2aeaRed Hat Security Advisory 2023-2478-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a use-after-free vulnerability.
e0f7c563d598654703d33220bd560353f3a8ce8b120fd69ae0599bb9c0ed485aApple Security Advisory 2023-03-27-3 - macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
cb75f6c37534e8f4215e6f7a345a9fb3a56b1318a90f16c63dcb93ae4ed9d148Ubuntu Security Notice 5894-1 - Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
e37c54adb345a8e0ec2fd5d39b32ff3d558c9da7c9f55c027abecd853a8db855Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
c6fc6848e50216229db276b6a61ea17d23706f3f9aadd8dd9c2779ef72f1c34eUbuntu Security Notice 5788-1 - Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
3ef92df63b6493af5d8bf8786dd0e272eec83c93043b706adf9ec6157dddd4d6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed