Univention Bugzilla – Bug 55626
curl: Multiple issues (5.0)
Last modified: 2023-02-01 17:24:21 CET
New Debian curl 7.64.0-4+deb10u4 fixes:

This update addresses the following issues:
 * credential leak on redirect (CVE-2022-27774)
 * POST following PUT confusion (CVE-2022-32221)
 * Incorrect handling of control code characters in cookies (CVE-2022-35252)
 * Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)
--- mirror/ftp/pool/main/c/curl/curl_7.64.0-4+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/curl_7.64.0-4+deb10u4.dsc @@ -1,3 +1,28 @@ +7.64.0-4+deb10u4 [Thu, 26 Jan 2023 08:47:05 -0500] Roberto C. Sánchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-27774: + An insufficiently protected credentials vulnerability exists in curl that + could allow an attacker to extract credentials when follows HTTP(S) + redirects is used with authentication could leak credentials to other + services that exist on different protocols or port numbers. + * Follow up to CVE-2022-27782: + The patch included to address this CVE in 7.64.0-4+deb10u3 contained a + defect which resulted in the vulnerability being completely addressed. The + patch is corrected and the vulberability is fully addressed in this version. + * CVE-2022-32221: + When doing HTTP(S) transfers, libcurl might erroneously use the read + callback (CURLOPT_READFUNCTION) to ask for data to send, even when the + CURLOPT_POSTFIELDS option has been set, if the same handle previously was + used to issue a PUT request which used that callback. + * CVE-2022-35252: + When curl is used to retrieve and parse cookies from a HTTP(S) server, + it accepts cookies using control codes that when later are sent back to a + HTTP server might make the server return 400 responses. Effectively + allowing a "sister site" to deny service to all siblings. + * CVE-2022-43552: + HTTP Proxy deny use-after-free + 7.64.0-4+deb10u3 [Sun, 28 Aug 2022 17:35:03 +0200] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/5.0-2/#358382355045877857>
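Review bot: The "Follow up to CVE-2022-27782" changelog entry says the earlier patch "contained a defect which resulted in the vulnerability being completely addressed", which states the opposite of what a follow-up fix implies; it should read "not being completely addressed", and "vulberability" on the following line is a typo for "vulnerability". The CVE-2022-27774 entry also runs two clauses together ("could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials"); suggest "when HTTP(S) redirects are followed with authentication, credentials could leak to other services on different protocols or port numbers". The CVE-2022-43552 entry is only a one-line title ("HTTP Proxy deny use-after-free"); a sentence describing the affected code path, at the level of detail given for the other CVEs, would make the changelog consistent.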
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] e29d863362 Bug #55626: curl 7.64.0-4+deb10u4
 doc/errata/staging/curl.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[5.0-2] bbf057d017 Bug #55626: curl 7.64.0-4+deb10u4
 doc/errata/staging/curl.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x557>