Amazon Linux 1 Security Advisory: ALAS-2020-1444
Advisory Release Date: 2020-11-14 01:22 Pacific
Advisory Updated Date: 2020-11-16 21:17 Pacific
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-8231)
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
i686:
curl-debuginfo-7.61.1-12.95.amzn1.i686
libcurl-7.61.1-12.95.amzn1.i686
curl-7.61.1-12.95.amzn1.i686
libcurl-devel-7.61.1-12.95.amzn1.i686
src:
curl-7.61.1-12.95.amzn1.src
x86_64:
libcurl-devel-7.61.1-12.95.amzn1.x86_64
curl-7.61.1-12.95.amzn1.x86_64
libcurl-7.61.1-12.95.amzn1.x86_64
curl-debuginfo-7.61.1-12.95.amzn1.x86_64