First published: Tue Nov 09 2021(Updated: )
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.<br>Security Fix(es):<br><li> curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)</li> <li> curl: TELNET stack contents disclosure (CVE-2021-22898)</li> <li> curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/curl | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-debugsource | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-debugsource | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-minimal-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-minimal-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-devel | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-devel | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-minimal | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-minimal | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-minimal-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-minimal-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-debugsource | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl-minimal-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-devel | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-minimal | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/libcurl-minimal-debuginfo | <7.61.1-22.el8 | 7.61.1-22.el8 |
redhat/curl | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/curl-debuginfo | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/curl-debugsource | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/curl-minimal-debuginfo | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/libcurl | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/libcurl-debuginfo | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/libcurl-devel | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/libcurl-minimal | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
redhat/libcurl-minimal-debuginfo | <7.61.1-22.el8.aa | 7.61.1-22.el8.aa |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2021:4511 is considered critical due to the potential leak of authentication credentials.
To fix RHSA-2021:4511, update to the curl package version 7.61.1-22.el8 or later.
Affected packages include curl, libcurl, and their respective debuginfo and debugsource versions prior to 7.61.1-22.el8.
RHSA-2021:4511 addresses a vulnerability identified as CVE-2021-22876, which involves the leak of authentication credentials.
Yes, systems using curl versions lower than 7.61.1-22.el8 are vulnerable to the issues described in RHSA-2021:4511.