ALAS-2020-1444


Amazon Linux AMI Security Advisory: ALAS-2020-1444
Advisory Release Date: 2020-11-14 01:22 Pacific
Advisory Updated Date: 2020-11-16 21:17 Pacific
Severity: Low
References: CVE-2020-8231 

Issue Overview:

A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-8231 )


Affected Packages:

curl


Issue Correction:
Run yum update curl to update your system.

New Packages:
i686:
    curl-debuginfo-7.61.1-12.95.amzn1.i686
    libcurl-7.61.1-12.95.amzn1.i686
    curl-7.61.1-12.95.amzn1.i686
    libcurl-devel-7.61.1-12.95.amzn1.i686

src:
    curl-7.61.1-12.95.amzn1.src

x86_64:
    libcurl-devel-7.61.1-12.95.amzn1.x86_64
    curl-7.61.1-12.95.amzn1.x86_64
    libcurl-7.61.1-12.95.amzn1.x86_64
    curl-debuginfo-7.61.1-12.95.amzn1.x86_64