Red Hat Product Errata RHSA-2023:3460 - Security Advisory
Issued:
2023-06-06
Updated:
2023-06-06

RHSA-2023:3460 - Security Advisory

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: HTTP compression denial of service (CVE-2022-32206)
  • curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2099300 - CVE-2022-32206 curl: HTTP compression denial of service
  • BZ - 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
curl-7.61.1-18.el8_4.3.src.rpm SHA-256: afa5ba9d700c90fce94f89ae766ea1abc4d9ccec637257e6750ab155a2815c33
x86_64
curl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 08100ecbed9a8036bc78740617603cd48e65c0af0ed797665cfefdf2ba23815d
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: ce5a86f83b37c06a3ade8089d556b1edc02f15bb04bebd471b725b92a6c25eba
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 9d4940b782ebb34deb3a12c1340c9949887fee7946b90830cbcb7b1bbf7127d5
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm SHA-256: b7c82e5f597a5a7c09b64c1901b26db540da1c725b3fe86ec8c397b6a0d14b48
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: a19b829723de6f258916ff6c6c752e401e4e399cf5f6aa409f8b1f3a4105a4af
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 856ecac69ba38cd8d34546b3dfbcbbe8b47095c633f9bb3008e2a744716ac6a5
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 7f27d5864d75e8dd056958dadd4bcadbdcc7ac53b469697652dd84b50f73930e
libcurl-7.61.1-18.el8_4.3.i686.rpm SHA-256: 244fd1b3a9458529e95ac83f3987ee19953412c9638f9fec2a4a6cc54ae03345
libcurl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 345eab816a440145054a321bdd0904761478e4d913f4add7e6ea317ae7271ca8
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: b514c0b4ef7be1f9e41eaa5fc45e22bd1ad8ce842c28ac0ddb4f9cf047a4de74
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 92b423f0c362424e92eb1ea1d0c08ee1ee6bccc0919d62add7a5440a99927525
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm SHA-256: 8a4dc8d46487ac731abb2489b180e7a2a915f4de1c5678fa3428388253c6f93e
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 608a6056fd7815d3ca20929cc1b4a02040bba4f613e8475fcb574703aecbd107
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm SHA-256: 221c5f797a673380b6b9da352c246bfcb5c5c5119c1e980bdcf43183fbd6ae89
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 48237ff6841b77f8e33677bdefa755d48284c65ea07ccc373c180201eb7b8c14
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 52e58391a293b9d5f3fa12e6cd1b88084bee128b7b92207dccf7a019f77f18f8
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: e2c0cef3bf5ca6974bd02bafd85d816132645169713081a5c0a6d823b9bf78ee

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
curl-7.61.1-18.el8_4.3.src.rpm SHA-256: afa5ba9d700c90fce94f89ae766ea1abc4d9ccec637257e6750ab155a2815c33
x86_64
curl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 08100ecbed9a8036bc78740617603cd48e65c0af0ed797665cfefdf2ba23815d
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: ce5a86f83b37c06a3ade8089d556b1edc02f15bb04bebd471b725b92a6c25eba
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 9d4940b782ebb34deb3a12c1340c9949887fee7946b90830cbcb7b1bbf7127d5
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm SHA-256: b7c82e5f597a5a7c09b64c1901b26db540da1c725b3fe86ec8c397b6a0d14b48
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: a19b829723de6f258916ff6c6c752e401e4e399cf5f6aa409f8b1f3a4105a4af
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 856ecac69ba38cd8d34546b3dfbcbbe8b47095c633f9bb3008e2a744716ac6a5
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 7f27d5864d75e8dd056958dadd4bcadbdcc7ac53b469697652dd84b50f73930e
libcurl-7.61.1-18.el8_4.3.i686.rpm SHA-256: 244fd1b3a9458529e95ac83f3987ee19953412c9638f9fec2a4a6cc54ae03345
libcurl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 345eab816a440145054a321bdd0904761478e4d913f4add7e6ea317ae7271ca8
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: b514c0b4ef7be1f9e41eaa5fc45e22bd1ad8ce842c28ac0ddb4f9cf047a4de74
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 92b423f0c362424e92eb1ea1d0c08ee1ee6bccc0919d62add7a5440a99927525
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm SHA-256: 8a4dc8d46487ac731abb2489b180e7a2a915f4de1c5678fa3428388253c6f93e
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 608a6056fd7815d3ca20929cc1b4a02040bba4f613e8475fcb574703aecbd107
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm SHA-256: 221c5f797a673380b6b9da352c246bfcb5c5c5119c1e980bdcf43183fbd6ae89
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 48237ff6841b77f8e33677bdefa755d48284c65ea07ccc373c180201eb7b8c14
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 52e58391a293b9d5f3fa12e6cd1b88084bee128b7b92207dccf7a019f77f18f8
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: e2c0cef3bf5ca6974bd02bafd85d816132645169713081a5c0a6d823b9bf78ee

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
curl-7.61.1-18.el8_4.3.src.rpm SHA-256: afa5ba9d700c90fce94f89ae766ea1abc4d9ccec637257e6750ab155a2815c33
x86_64
curl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 08100ecbed9a8036bc78740617603cd48e65c0af0ed797665cfefdf2ba23815d
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: ce5a86f83b37c06a3ade8089d556b1edc02f15bb04bebd471b725b92a6c25eba
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 9d4940b782ebb34deb3a12c1340c9949887fee7946b90830cbcb7b1bbf7127d5
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm SHA-256: b7c82e5f597a5a7c09b64c1901b26db540da1c725b3fe86ec8c397b6a0d14b48
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: a19b829723de6f258916ff6c6c752e401e4e399cf5f6aa409f8b1f3a4105a4af
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 856ecac69ba38cd8d34546b3dfbcbbe8b47095c633f9bb3008e2a744716ac6a5
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 7f27d5864d75e8dd056958dadd4bcadbdcc7ac53b469697652dd84b50f73930e
libcurl-7.61.1-18.el8_4.3.i686.rpm SHA-256: 244fd1b3a9458529e95ac83f3987ee19953412c9638f9fec2a4a6cc54ae03345
libcurl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 345eab816a440145054a321bdd0904761478e4d913f4add7e6ea317ae7271ca8
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: b514c0b4ef7be1f9e41eaa5fc45e22bd1ad8ce842c28ac0ddb4f9cf047a4de74
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 92b423f0c362424e92eb1ea1d0c08ee1ee6bccc0919d62add7a5440a99927525
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm SHA-256: 8a4dc8d46487ac731abb2489b180e7a2a915f4de1c5678fa3428388253c6f93e
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 608a6056fd7815d3ca20929cc1b4a02040bba4f613e8475fcb574703aecbd107
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm SHA-256: 221c5f797a673380b6b9da352c246bfcb5c5c5119c1e980bdcf43183fbd6ae89
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 48237ff6841b77f8e33677bdefa755d48284c65ea07ccc373c180201eb7b8c14
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 52e58391a293b9d5f3fa12e6cd1b88084bee128b7b92207dccf7a019f77f18f8
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: e2c0cef3bf5ca6974bd02bafd85d816132645169713081a5c0a6d823b9bf78ee

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
curl-7.61.1-18.el8_4.3.src.rpm SHA-256: afa5ba9d700c90fce94f89ae766ea1abc4d9ccec637257e6750ab155a2815c33
ppc64le
curl-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: cc92947b73127974857cb29a71aa172efd8fb666f36565c841446bd32cbb9eb5
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: d30905eddff1f564c692c3fcb8cc5430ae2375802fbc1c78325b5b57705f43da
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: e951849962cb672430bca0d8512374d9e595b67706909cc76c074971f87e9615
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: 18123f18c62dd12e8b6d5f71e5da04874294086d3c2ecc085f21c8ecf17ae49b
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: cae6d161e5401f366ce8f42c5e4a53616d95101b6d1419cd5dd53c91e4133257
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: 31aed572c8a36e2b461307dba9afcdfa08c35de3954cd69865ea2069e90aa950
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: 03fae5cba1b5af64459857a268d649479d372a1a71e60d86fc3f45fe37a946ad
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: 18682e3026842d169266a6dd2ebc767f9476ccdd9d0b326059f08b2c1da4eff2
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm SHA-256: 8e4480ae0abb06a5808805d62bd29980c0343e7aa846062b360c3d610cc99c16

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
curl-7.61.1-18.el8_4.3.src.rpm SHA-256: afa5ba9d700c90fce94f89ae766ea1abc4d9ccec637257e6750ab155a2815c33
x86_64
curl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 08100ecbed9a8036bc78740617603cd48e65c0af0ed797665cfefdf2ba23815d
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: ce5a86f83b37c06a3ade8089d556b1edc02f15bb04bebd471b725b92a6c25eba
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 9d4940b782ebb34deb3a12c1340c9949887fee7946b90830cbcb7b1bbf7127d5
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm SHA-256: b7c82e5f597a5a7c09b64c1901b26db540da1c725b3fe86ec8c397b6a0d14b48
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: a19b829723de6f258916ff6c6c752e401e4e399cf5f6aa409f8b1f3a4105a4af
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 856ecac69ba38cd8d34546b3dfbcbbe8b47095c633f9bb3008e2a744716ac6a5
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 7f27d5864d75e8dd056958dadd4bcadbdcc7ac53b469697652dd84b50f73930e
libcurl-7.61.1-18.el8_4.3.i686.rpm SHA-256: 244fd1b3a9458529e95ac83f3987ee19953412c9638f9fec2a4a6cc54ae03345
libcurl-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 345eab816a440145054a321bdd0904761478e4d913f4add7e6ea317ae7271ca8
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: b514c0b4ef7be1f9e41eaa5fc45e22bd1ad8ce842c28ac0ddb4f9cf047a4de74
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 92b423f0c362424e92eb1ea1d0c08ee1ee6bccc0919d62add7a5440a99927525
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm SHA-256: 8a4dc8d46487ac731abb2489b180e7a2a915f4de1c5678fa3428388253c6f93e
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 608a6056fd7815d3ca20929cc1b4a02040bba4f613e8475fcb574703aecbd107
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm SHA-256: 221c5f797a673380b6b9da352c246bfcb5c5c5119c1e980bdcf43183fbd6ae89
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: 48237ff6841b77f8e33677bdefa755d48284c65ea07ccc373c180201eb7b8c14
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm SHA-256: 52e58391a293b9d5f3fa12e6cd1b88084bee128b7b92207dccf7a019f77f18f8
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm SHA-256: e2c0cef3bf5ca6974bd02bafd85d816132645169713081a5c0a6d823b9bf78ee

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.