CLSA-2024:1711562558

[CLSA-2024:1711562558] curl: Fix of 3 CVEs

Type:

security

Severity:

None

Release date:

2024-03-27 18:02:41 UTC

Description:

- Moved tuxcare patches from 7.29.0-59.1.tuxcare.els2
- CVE-2023-38546: cookie: remove unnecessary struct fields
- CVE-2022-27782: check additional TLS or SSH connection parameters that should
  have prohibited connection reuse
- CVE-2023-27534: fix SFTP path '~' resolving discrepancy
- fix read off end of array for SCP home directory case

Updated packages:

curl-7.29.0-59.el7_9.2.tuxcare.els1.x86_64.rpm
sha:41eec66a63677954a764a4d274c2066d5d2756e5
libcurl-7.29.0-59.el7_9.2.tuxcare.els1.i686.rpm
sha:7774267dd1dd8c29434016350a37450e67863ab6
libcurl-7.29.0-59.el7_9.2.tuxcare.els1.x86_64.rpm
sha:c3c2525f2cd0a9b884bfdf4890982918e7ce1d3b
libcurl-devel-7.29.0-59.el7_9.2.tuxcare.els1.i686.rpm
sha:1723e81d78c94128adde4431980cacb86778349b
libcurl-devel-7.29.0-59.el7_9.2.tuxcare.els1.x86_64.rpm
sha:70acfc58e39dd74948fd376cd9889f6a366069c7

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.