
Mageia 8: MGASA-2022-0159 Critical: Curl OAUTH2 Bypass and Credential Leaks

Mageia, May 2, 2022
Updated curl packages fix several vulnerabilities: an OAUTH2 bearer bypass in connection re-use, credential and auth/cookie leaks on redirect, and bad reuse of local IPv6 connections.

Summary

- OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

- Credential leak on redirect (CVE-2022-27774)

- Bad local IPv6 connection reuse (CVE-2022-27775)

- Auth/cookie leak on redirect (CVE-2022-27776)

References

- https://bugs.mageia.org/show_bug.cgi?id=30352

- https://curl.se/docs/CVE-2022-22576.html

- https://curl.se/docs/CVE-2022-27774.html

- https://curl.se/docs/CVE-2022-27775.html

- https://curl.se/docs/CVE-2022-27776.html

- https://ubuntu.com/security/notices/USN-5397-1

- https://www.cve.org/CVERecord?id=CVE-2022-22576

- https://www.cve.org/CVERecord?id=CVE-2022-27774

- https://www.cve.org/CVERecord?id=CVE-2022-27775

- https://www.cve.org/CVERecord?id=CVE-2022-27776

Resolution

SRPMS

- 8/core/curl-7.74.0-1.5.mga8

Severity
critical

Publication date: 02 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0159.html
Type: security
CVE: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
