Debian Bug report logs - #965281
curl: CVE-2020-8177
Package: src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 18 Jul 2020 19:51:07 UTC
Severity: important
Tags: security, upstream
Found in versions curl/7.68.0-1, curl/7.52.1 ...
Several security issues were fixed in curl ...
Multiple vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2020-8169
Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).
CVE-2020-8177
sn reporte ...
command line arguments lead to local file overwrite (CVE-2020-8177) ...
This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' (with the '-O' option) and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the user, and thus the user can ...
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Moderate: curl security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...
Synopsis
Moderate: curl security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis
Moderate: OpenShift Container Platform 4.5.23 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.5.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Kubern ...
Synopsis
Moderate: Release of OpenShift Serverless 1.11.0
Type/Severity
Security Advisory: Moderate
Topic
Release of OpenShift Serverless 1.11.0
Description
Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShif ...
Synopsis
Moderate: OpenShift Container Platform 4.6.12 extras and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has ra ...
Synopsis
Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis
Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release includes a security update for ...
Synopsis
Moderate: OpenShift Container Platform 4.6.12 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat ...
Synopsis
Moderate: OpenShift Virtualization 2.5.3 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Virtualization release 2.5.3 is now available with updates to packages and images that fix several bugs and security issues. Red Hat Product Security has rated this ...
Synopsis
Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis
Important: OpenShift Container Platform 4.6.9 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4.6.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a ...
Synopsis
Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update
Type/Severity
Security Advisory: Moderate
Topic
Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...
An issue has been found in curl from 7.20.0 up to and including 7.70.0, which can be tricked by a malicious server to overwrite a local file when using -J (--remote-header-name) and -i (--head) in the same command line. When curl -J is used it doesn’t work together with -i and there’s a check that prevents it from getting used. The check was fla ...