Debian Bug report logs -
#989228
curl: CVE-2021-22898: TELNET stack contents disclosure
Package:
src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 29 May 2021 15:15:02 UTC
Severity: important
Tags: security, upstream
Found in ...
Multiple security vulnerabilities have been discovered in cURL, a URL
transfer library. These flaws may allow remote attackers to obtain sensitive
information, leak authentication or cookie header data or facilitate a
denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in
version 7.74.0-1.3+deb11u2.
We ...
Synopsis
Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift distributed tracing 2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: Release of containers for OSP 16.2 director operator tech preview
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview.
Description
Release osp-director-operator images. Security Fix(es): golang: net/http: limit growth of h ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.2 (GitOps v1.2.2). Re ...
Synopsis
Moderate: Release of OpenShift Serverless 1.20.0
Type/Severity
Security Advisory: Moderate
Topic
Release of OpenShift Serverless 1.20.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...
Synopsis
Moderate: Gatekeeper Operator v0.2 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Gatekeeper Operator v0.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General Availability release images, which provide one or more container updates and bug fixes. Red Hat Product Security has rated this update as ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which g ...
It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876)
A vulnerability was found in curl where a flaw in the option ...
A flaw was found in the way curl handled the telnet protocol option for sending environment variables, which could lead to uninitialized data from a stack-based buffer being sent to the server. This issue can reveal sensitive internal information to the server over a clear-text network protocol. (CVE-2021-22898)
A flaw was found in ...
A vulnerability was found in curl where, due to a flaw in the option parser for sending NEW_ENV variables, libcurl can pass uninitialized data from a stack-based buffer to the server. This issue can reveal sensitive internal information to the server over a clear-text network protocol. The highest threat from this vulnerability is to co ...
A security issue has been found in curl before version 7.77.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from ...