Lucene search
RedHatRHSA-2021:4511HistoryNov 09, 2021 - 9:38 a.m.
(RHSA-2021:4511) Moderate: curl security and bug fix update
2021-11-0909:38:13
access.redhat.com
38
0.009 Low
EPSS
Percentile
83.1%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TELNET stack contents disclosure (CVE-2021-22898)
-
curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | x86_64 | libcurl-debuginfo | < 7.61.1-22.el8 | libcurl-debuginfo-7.61.1-22.el8.x86_64.rpm |
| RedHat | 8 | s390x | curl | < 7.61.1-22.el8 | curl-7.61.1-22.el8.s390x.rpm |
| RedHat | 8 | i686 | libcurl | < 7.61.1-22.el8 | libcurl-7.61.1-22.el8.i686.rpm |
| RedHat | 8 | x86_64 | libcurl-devel | < 7.61.1-22.el8 | libcurl-devel-7.61.1-22.el8.x86_64.rpm |
| RedHat | 8 | s390x | libcurl-minimal | < 7.61.1-22.el8 | libcurl-minimal-7.61.1-22.el8.s390x.rpm |
| RedHat | 8 | s390x | curl-debuginfo | < 7.61.1-22.el8 | curl-debuginfo-7.61.1-22.el8.s390x.rpm |
| RedHat | 8 | ppc64le | libcurl-devel | < 7.61.1-22.el8 | libcurl-devel-7.61.1-22.el8.ppc64le.rpm |
| RedHat | 8 | x86_64 | curl-debuginfo | < 7.61.1-22.el8 | curl-debuginfo-7.61.1-22.el8.x86_64.rpm |
| RedHat | 8 | x86_64 | curl | < 7.61.1-22.el8 | curl-7.61.1-22.el8.x86_64.rpm |
| RedHat | 8 | i686 | libcurl-devel | < 7.61.1-22.el8 | libcurl-devel-7.61.1-22.el8.i686.rpm |
Related
nessus
nessus
Rocky Linux 8 : curl (RLSA-2021:4511)
2022-02-09 00:00:00
AlmaLinux 8 : curl (ALSA-2021:4511)
2022-02-09 00:00:00
RHEL 8 : curl (RHSA-2021:4511)
2021-11-11 00:00:00
oraclelinux
oraclelinux
curl security and bug fix update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: curl security and bug fix update
2021-11-09 09:38:13
osv
osv
Moderate: curl security and bug fix update
2021-11-09 09:38:13
Moderate: curl security and bug fix update
2021-11-09 09:38:13
curl vulnerability
2022-01-20 11:40:36
rocky
rocky
curl security and bug fix update
2021-11-09 09:38:13
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2457)
2021-09-24 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2656)
2021-11-12 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2827)
2021-12-30 00:00:00
veracode
veracode
Information Disclosure
2021-07-22 05:50:58
Information Disclosure
2021-04-01 00:29:21
Information Disclosure
2021-05-28 12:59:20
ubuntucve
ubuntucve
amazon
amazon
hackerone
hackerone
curl: CVE-2021-22925: TELNET stack contents disclosure again
2021-06-11 12:15:31
curl: CVE-2021-22898: TELNET stack contents disclosure
2021-04-27 09:49:43
curl: CVE-2021-22876: Automatic referer leaks credentials
2021-02-12 01:08:34
ubuntu
ubuntu
curl vulnerability
2022-01-20 00:00:00
curl vulnerabilities
2021-07-22 00:00:00
curl vulnerabilities
2023-02-27 00:00:00
redhatcve
redhatcve
cloudfoundry
cloudfoundry
USN-5021-1: curl vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
USN-4898-1: curl vulnerabilities | Cloud Foundry
2021-04-29 00:00:00
archlinux
archlinux
[ASA-202107-64] lib32-libcurl-gnutls: multiple issues
2021-07-21 00:00:00
[ASA-202107-60] lib32-curl: multiple issues
2021-07-21 00:00:00
[ASA-202107-63] libcurl-gnutls: multiple issues
2021-07-21 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2021-05-26 00:00:00
alpinelinux
alpinelinux
cbl_mariner
cbl_mariner
CVE-2021-22925 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2021-22925 affecting package curl 7.76.0-9
2021-08-11 06:39:26
CVE-2021-22898 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
ibm
ibm
cloudlinux
cloudlinux
Fix of CVE-2021-22876
2021-04-01 14:02:42
Fix of CVE: CVE-2021-22898
2021-09-21 22:04:32
Fix of CVE: CVE-2021-22925
2021-09-21 22:05:44
suse
suse
Security update for curl (moderate)
2021-07-11 00:00:00
Security update for curl (moderate)
2021-05-29 00:00:00
Security update for curl (moderate)
2021-04-05 00:00:00
prion
prion
Stack overflow
2021-06-11 16:15:00
Stack overflow
2021-08-05 21:15:00
Cross site request forgery (csrf)
2021-04-01 18:15:00
cvelist
cvelist
cve
cve
freebsd
freebsd
curl -- Automatic referer leaks credentials
2021-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
2021-08-07 01:14:48
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34
2021-07-23 01:06:01
[SECURITY] Fedora 34 Update: curl-7.76.0-1.fc34
2021-04-06 00:16:51
nvd
nvd
debiancve
debiancve
debian
debian
[SECURITY] [DLA 2664-1] curl security update
2021-05-17 16:31:27
[SECURITY] [DLA 2734-1] curl security update
2021-08-13 04:32:15
mageia
mageia
Updated curl packages fix a security vulnerability
2021-06-09 00:45:12
Updated curl packages fix security vulnerabilities
2021-04-12 22:59:59
f5
f5
K22415133 : cURL vulnerability CVE-2021-22898
2021-10-12 00:00:00
photon
photon
slackware
slackware
[slackware-security] curl
2021-04-01 01:05:48