Amazon Linux 2022 Security Advisory: ALAS-2023-276
Advisory Release Date: 2023-01-20 16:44 Pacific
Advisory Updated Date: 2023-01-24 21:15 Pacific
Severity:
Medium
Issue Overview:
No description is available for this CVE. (CVE-2022-43551)
A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer. (CVE-2022-43552)
Affected Packages:
curl
Issue Correction:
Run dnf update curl to update your system.
New Packages:
aarch64:
libcurl-debuginfo-7.87.0-2.amzn2022.0.1.aarch64
curl-debuginfo-7.87.0-2.amzn2022.0.1.aarch64
curl-minimal-debuginfo-7.87.0-2.amzn2022.0.1.aarch64
libcurl-7.87.0-2.amzn2022.0.1.aarch64
curl-debugsource-7.87.0-2.amzn2022.0.1.aarch64
libcurl-minimal-7.87.0-2.amzn2022.0.1.aarch64
libcurl-minimal-debuginfo-7.87.0-2.amzn2022.0.1.aarch64
curl-7.87.0-2.amzn2022.0.1.aarch64
curl-minimal-7.87.0-2.amzn2022.0.1.aarch64
libcurl-devel-7.87.0-2.amzn2022.0.1.aarch64
src:
curl-7.87.0-2.amzn2022.0.1.src
x86_64:
libcurl-debuginfo-7.87.0-2.amzn2022.0.1.x86_64
curl-minimal-debuginfo-7.87.0-2.amzn2022.0.1.x86_64
libcurl-minimal-debuginfo-7.87.0-2.amzn2022.0.1.x86_64
curl-debugsource-7.87.0-2.amzn2022.0.1.x86_64
libcurl-minimal-7.87.0-2.amzn2022.0.1.x86_64
curl-minimal-7.87.0-2.amzn2022.0.1.x86_64
curl-debuginfo-7.87.0-2.amzn2022.0.1.x86_64
curl-7.87.0-2.amzn2022.0.1.x86_64
libcurl-7.87.0-2.amzn2022.0.1.x86_64
libcurl-devel-7.87.0-2.amzn2022.0.1.x86_64