Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:5002 - Security Advisory
Issued:
2020-11-10
Updated:
2020-11-10

RHSA-2020:5002 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1847915 - CVE-2020-8177 curl: Incorrect argument check can allow remote servers to overwrite local files

CVEs

  • CVE-2020-8177

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux Workstation 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux Desktop 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
s390x
curl-7.29.0-59.el7_9.1.s390x.rpm SHA-256: f19cf1b41d0603872a88832e6ce1d3ae8eab83e5cea3c4738eca4ae606f2d1d4
curl-debuginfo-7.29.0-59.el7_9.1.s390.rpm SHA-256: 16095a2d0a73120315e2413fb4b16d55af9144e3533390f16288ead4bff76938
curl-debuginfo-7.29.0-59.el7_9.1.s390x.rpm SHA-256: a2e9c897d933253f8866b81fcf342088f01522a6c3d8135e5a1ea73b0ed5331b
libcurl-7.29.0-59.el7_9.1.s390.rpm SHA-256: f4bcf5812446dc5f4e1ea937d03ba04f759b014b2de6ec5428209252ba522796
libcurl-7.29.0-59.el7_9.1.s390x.rpm SHA-256: a5570f728919cc6d93477670d352d5b859060384bedbd478cbcf426a35917e31
libcurl-devel-7.29.0-59.el7_9.1.s390.rpm SHA-256: ad3a20ace6f7d6a30379ae68bfe8e128eda8bc4b7b0e9aedd548981b39a80ec9
libcurl-devel-7.29.0-59.el7_9.1.s390x.rpm SHA-256: c02abb3d88d83b17274120e8b73d6f46171e0eb3ba2122df39d16d0b3df6a5b1

Red Hat Enterprise Linux for Power, big endian 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
ppc64
curl-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: d6519340dbbeb2ea343b7d0dafc03b5803b0aca8e41bf6f4896b1274b83c16c1
curl-debuginfo-7.29.0-59.el7_9.1.ppc.rpm SHA-256: 52d2d0764a2c51998bf07014fe91d396fe133a617610abbb4ec4e71f6d0c0880
curl-debuginfo-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 4b0ae3e48a3d562db8b3d27ef3eb84aedd22b5fdbce6467ed2f432a72a655851
libcurl-7.29.0-59.el7_9.1.ppc.rpm SHA-256: 0f13e2ba43f60e1628d6c6988b6501183b9484f1ffe68555eaa2356a15537b8c
libcurl-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 7d7dd653ddd2f1ec19c4fab3c0418a2adf866125af6d7ea2f95a68d185276076
libcurl-devel-7.29.0-59.el7_9.1.ppc.rpm SHA-256: f76085609c8dc17893a1646e89bb92c5d484fc46fbc45da92e16f0c4686d49a8
libcurl-devel-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 588e700dd1c96562470bed38eb6a98e46dea15c210706a528e9840cbfaa22fc1

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux for Power, little endian 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
ppc64le
curl-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: bbd9fa4794f39119cd848581bcd112c04c38a28c637ea8adaaa0cef297a3a287
curl-debuginfo-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: d7bf4b103db49bcb98815d068e2e417255c9984db3f38236d9821927c7ec67fe
libcurl-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: 08427c223271b7b6411a8b84d7db0e8c79c79a72aad0f91540407aa449513d90
libcurl-devel-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: 8e632086797c8fcba9973d0a650eb0a95188fa8d2ac2c4ed5e8bd66a51590ea1

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
s390x
curl-7.29.0-59.el7_9.1.s390x.rpm SHA-256: f19cf1b41d0603872a88832e6ce1d3ae8eab83e5cea3c4738eca4ae606f2d1d4
curl-debuginfo-7.29.0-59.el7_9.1.s390.rpm SHA-256: 16095a2d0a73120315e2413fb4b16d55af9144e3533390f16288ead4bff76938
curl-debuginfo-7.29.0-59.el7_9.1.s390x.rpm SHA-256: a2e9c897d933253f8866b81fcf342088f01522a6c3d8135e5a1ea73b0ed5331b
libcurl-7.29.0-59.el7_9.1.s390.rpm SHA-256: f4bcf5812446dc5f4e1ea937d03ba04f759b014b2de6ec5428209252ba522796
libcurl-7.29.0-59.el7_9.1.s390x.rpm SHA-256: a5570f728919cc6d93477670d352d5b859060384bedbd478cbcf426a35917e31
libcurl-devel-7.29.0-59.el7_9.1.s390.rpm SHA-256: ad3a20ace6f7d6a30379ae68bfe8e128eda8bc4b7b0e9aedd548981b39a80ec9
libcurl-devel-7.29.0-59.el7_9.1.s390x.rpm SHA-256: c02abb3d88d83b17274120e8b73d6f46171e0eb3ba2122df39d16d0b3df6a5b1

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
ppc64
curl-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: d6519340dbbeb2ea343b7d0dafc03b5803b0aca8e41bf6f4896b1274b83c16c1
curl-debuginfo-7.29.0-59.el7_9.1.ppc.rpm SHA-256: 52d2d0764a2c51998bf07014fe91d396fe133a617610abbb4ec4e71f6d0c0880
curl-debuginfo-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 4b0ae3e48a3d562db8b3d27ef3eb84aedd22b5fdbce6467ed2f432a72a655851
libcurl-7.29.0-59.el7_9.1.ppc.rpm SHA-256: 0f13e2ba43f60e1628d6c6988b6501183b9484f1ffe68555eaa2356a15537b8c
libcurl-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 7d7dd653ddd2f1ec19c4fab3c0418a2adf866125af6d7ea2f95a68d185276076
libcurl-devel-7.29.0-59.el7_9.1.ppc.rpm SHA-256: f76085609c8dc17893a1646e89bb92c5d484fc46fbc45da92e16f0c4686d49a8
libcurl-devel-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 588e700dd1c96562470bed38eb6a98e46dea15c210706a528e9840cbfaa22fc1

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
ppc64le
curl-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: bbd9fa4794f39119cd848581bcd112c04c38a28c637ea8adaaa0cef297a3a287
curl-debuginfo-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: d7bf4b103db49bcb98815d068e2e417255c9984db3f38236d9821927c7ec67fe
libcurl-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: 08427c223271b7b6411a8b84d7db0e8c79c79a72aad0f91540407aa449513d90
libcurl-devel-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: 8e632086797c8fcba9973d0a650eb0a95188fa8d2ac2c4ed5e8bd66a51590ea1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility