Two security issues were found in Curl, an easy-to-use client-side URL
transfer library and command line tool:
CVE-2023-38545
Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake
CVE-2023-38546
It was discovered that under some circumstances libcurl was
susceptible to cookie injection
For the oldstable distribution ...
An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met The libcurl provided function, curl_easy_duphandle(), is used to duplicate the easy_handle associated with a transfer If a duplicated transfer's easy_handle has cookies enabled when it is duplicated, the cookie-enabled state is ...
An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code
When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution In cases where the hostname is greater than 255 characters in le ...
Description<!---->A flaw was found in the Curl package This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are metA flaw was found in the Curl package This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are me ...
On October 11, 2023, cURL released Version 840 of the cURL utility and the libcurl library This release addressed two security vulnerabilities:
CVE-2023-38545 - High Security Impact Rating (SIR)
CVE-2023-38546 - Low SIR
This advisory covers CVE-2023-38545 only For more information about this vulnerability, see the cURL advisory
This adviso ...
概述
Important: OpenShift Virtualization 4136 security and bug fix update
类型/严重性
Security Advisory: Important
标题
Red Hat OpenShift Virtualization release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security i ...
Synopsis
Low: curl security and bug fix update
Type/Severity
Security Advisory: Low
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for curl is now available for Red Hat Enterprise Linux 88 Extended Update SupportRed Hat Product Security has rated this ...
Synopsis
Important: OpenShift Container Platform 4142 security and extras update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4142 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 414 ...
Synopsis
Important: OpenShift Container Platform 41244 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41244 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Synopsis
Important: OpenShift Container Platform 41244 security and extras update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41244 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
Synopsis
Important: OpenShift Virtualization 4141 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4141 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security imp ...
概述
Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update
类型/严重性
Security Advisory: Important
标题
Red Hat JBoss Core Services Apache HTTP Server 2457 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Synopsis
Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update
Type/Severity
Security Advisory: Important
Topic
Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog
Description
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...
Synopsis
Important: curl security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for curl is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this ...
Synopsis
Important: OpenShift Container Platform 41322 security and extras update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41322 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
Synopsis
Important: curl security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for curl is now available for Red Hat Enterprise Linux 92 Extended Update SupportRed Hat Product Security has rated this ...
Synopsis
Important: OpenShift Container Platform 41154 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41154 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Synopsis
Important: OpenShift Container Platform 41154 security and extras update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41154 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
概述
Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update
类型/严重性
Security Advisory: Important
Red Hat Insights 补丁分析
识别并修复受此公告影响的系统。
查看受影响的系统
标题
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has ...
Synopsis
Moderate: curl security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for curl is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rated this u ...
Synopsis
Important: Migration Toolkit for Applications security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Migration Toolkit for Applications 621 releaseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis
Important: Red Hat OpenShift GitOps v193 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 19Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Synopsis
Important: OpenShift Container Platform 41243 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41243 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Synopsis
Important: Red Hat OpenShift Enterprise security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift Container Platform 412Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Synopsis
Important: Network Observability security update
Type/Severity
Security Advisory: Important
Topic
An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-opera ...
Synopsis
Important: Red Hat OpenStack Platform 1711 (director-operator) security update
Type/Severity
Security Advisory: Important
Topic
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17 ...
Synopsis
Important: OpenShift Virtualization 4129 Images security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4129 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Synopsis
Low: Logging Subsystem 581- Red Hat OpenShift security update
Type/Severity
Security Advisory: Low
Topic
An update is now available for RHOL-58-RHEL-9Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Synopsis
Important: OpenShift Virtualization 4135 Images security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact o ...
Synopsis
Important: OpenShift Container Platform 41322 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41322 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Synopsis
Important: cert-manager Operator for Red Hat OpenShift 1115
Type/Severity
Security Advisory: Important
Topic
cert-manager Operator for Red Hat OpenShift 1115Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Important: OpenShift Container Platform 4142 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4142 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Synopsis
Important: cert-manager Operator for Red Hat OpenShift 1121
Type/Severity
Security Advisory: Important
Topic
cert-manager Operator for Red Hat OpenShift 1121Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Important: curl security update
Type / Sévérité
Security Advisory: Important
Analyse des correctifs dans Red Hat Insights
Identifiez et remédiez aux systèmes concernés par cette alerte
Voir les systèmes concernés
Sujet
An update for curl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has r ...
Synopsis
Important: Kernel Module Management security update
Type/Severity
Security Advisory: Important
Topic
This is an update for the Red Hat OpenShift Kernel Module Management 11 operator and images to address CVE-2023-44487 which Red Hat has assessed as being Important (sees accessredhatcom/security/cve/CVE-2023-44487 for detai ...
A logic flaw has been found in cURL before 840, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met ...
A vulnerability (VTS23-013) exists in JP1/VERITAS
Affected products and versions are listed below ...
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security releases page
Apple security documents reference vulnerabilities by CVE-ID whe ...
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security releases page
Apple security documents reference vulnerabilities by CVE-ID whe ...
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security releases page
Apple security documents reference vulnerabilities by CVE-ID whe ...