Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2020:5002 - Security Advisory
Issued:
2020-11-10
Updated:
2020-11-10

RHSA-2020:5002 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1847915 - CVE-2020-8177 curl: Incorrect argument check can allow remote servers to overwrite local files

CVEs

  • CVE-2020-8177

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux Workstation 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux Desktop 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
s390x
curl-7.29.0-59.el7_9.1.s390x.rpm SHA-256: f19cf1b41d0603872a88832e6ce1d3ae8eab83e5cea3c4738eca4ae606f2d1d4
curl-debuginfo-7.29.0-59.el7_9.1.s390.rpm SHA-256: 16095a2d0a73120315e2413fb4b16d55af9144e3533390f16288ead4bff76938
curl-debuginfo-7.29.0-59.el7_9.1.s390x.rpm SHA-256: a2e9c897d933253f8866b81fcf342088f01522a6c3d8135e5a1ea73b0ed5331b
libcurl-7.29.0-59.el7_9.1.s390.rpm SHA-256: f4bcf5812446dc5f4e1ea937d03ba04f759b014b2de6ec5428209252ba522796
libcurl-7.29.0-59.el7_9.1.s390x.rpm SHA-256: a5570f728919cc6d93477670d352d5b859060384bedbd478cbcf426a35917e31
libcurl-devel-7.29.0-59.el7_9.1.s390.rpm SHA-256: ad3a20ace6f7d6a30379ae68bfe8e128eda8bc4b7b0e9aedd548981b39a80ec9
libcurl-devel-7.29.0-59.el7_9.1.s390x.rpm SHA-256: c02abb3d88d83b17274120e8b73d6f46171e0eb3ba2122df39d16d0b3df6a5b1

Red Hat Enterprise Linux for Power, big endian 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
ppc64
curl-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: d6519340dbbeb2ea343b7d0dafc03b5803b0aca8e41bf6f4896b1274b83c16c1
curl-debuginfo-7.29.0-59.el7_9.1.ppc.rpm SHA-256: 52d2d0764a2c51998bf07014fe91d396fe133a617610abbb4ec4e71f6d0c0880
curl-debuginfo-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 4b0ae3e48a3d562db8b3d27ef3eb84aedd22b5fdbce6467ed2f432a72a655851
libcurl-7.29.0-59.el7_9.1.ppc.rpm SHA-256: 0f13e2ba43f60e1628d6c6988b6501183b9484f1ffe68555eaa2356a15537b8c
libcurl-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 7d7dd653ddd2f1ec19c4fab3c0418a2adf866125af6d7ea2f95a68d185276076
libcurl-devel-7.29.0-59.el7_9.1.ppc.rpm SHA-256: f76085609c8dc17893a1646e89bb92c5d484fc46fbc45da92e16f0c4686d49a8
libcurl-devel-7.29.0-59.el7_9.1.ppc64.rpm SHA-256: 588e700dd1c96562470bed38eb6a98e46dea15c210706a528e9840cbfaa22fc1

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
x86_64
curl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: aef9051c6ee3d4c97e71ddfd69e9232c68e2a8c231a5425d89372671ce9cfb01
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.i686.rpm SHA-256: a0aa4d38d80a4d0e3877ea405d0dad642d6fcc427f4ecac0389df8f1d24a6179
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
curl-debuginfo-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 95204fa3be83cc36ed87eb3c13d3a7e033d897c31ff50b3ea9ccda65a1a76565
libcurl-7.29.0-59.el7_9.1.i686.rpm SHA-256: 81e073fa267060d8a21a379ddbbf93046b7c29d0f1edbef32483be140707dbc3
libcurl-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: 226176c96ff04fd585da34d5f4d367a03177d2cd1838e76d12c967030b92b352
libcurl-devel-7.29.0-59.el7_9.1.i686.rpm SHA-256: 1bb4f2429f0c936f3de35024180f59c47680059300212bfe81797ddbf97aceea
libcurl-devel-7.29.0-59.el7_9.1.x86_64.rpm SHA-256: fddf788f54452671189dd5dae2ae3fcf9c115b385bdd6a5bedd634ffad3809ad

Red Hat Enterprise Linux for Power, little endian 7

SRPM
curl-7.29.0-59.el7_9.1.src.rpm SHA-256: 08890558a65748b0e4c19fb9b2b9a298eba25d26eb2ed2af61abdb835bf6ce98
ppc64le
curl-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: bbd9fa4794f39119cd848581bcd112c04c38a28c637ea8adaaa0cef297a3a287
curl-debuginfo-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: d7bf4b103db49bcb98815d068e2e417255c9984db3f38236d9821927c7ec67fe
libcurl-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: 08427c223271b7b6411a8b84d7db0e8c79c79a72aad0f91540407aa449513d90
libcurl-devel-7.29.0-59.el7_9.1.ppc64le.rpm SHA-256: 8e632086797c8fcba9973d0a650eb0a95188fa8d2ac2c4ed5e8bd66a51590ea1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter