   openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1384-1
Rating:             moderate
References:         #1190373 #1190374
Cross-References:   CVE-2021-22946 CVE-2021-22947
CVSS scores:
                    CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
   - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

   This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-1384=1

Package List:

   - openSUSE Leap 15.2 (i586 x86_64):

      curl-7.66.0-lp152.3.24.1
      curl-debuginfo-7.66.0-lp152.3.24.1
      curl-debugsource-7.66.0-lp152.3.24.1
      curl-mini-7.66.0-lp152.3.24.1
      curl-mini-debuginfo-7.66.0-lp152.3.24.1
      curl-mini-debugsource-7.66.0-lp152.3.24.1
      libcurl-devel-7.66.0-lp152.3.24.1
      libcurl-mini-devel-7.66.0-lp152.3.24.1
      libcurl4-7.66.0-lp152.3.24.1
      libcurl4-debuginfo-7.66.0-lp152.3.24.1
      libcurl4-mini-7.66.0-lp152.3.24.1
      libcurl4-mini-debuginfo-7.66.0-lp152.3.24.1

   - openSUSE Leap 15.2 (x86_64):

      libcurl-devel-32bit-7.66.0-lp152.3.24.1
      libcurl4-32bit-7.66.0-lp152.3.24.1
      libcurl4-32bit-debuginfo-7.66.0-lp152.3.24.1

References:

   https://www.suse.com/security/cve/CVE-2021-22946.html
   https://www.suse.com/security/cve/CVE-2021-22947.html
   https://bugzilla.suse.com/1190373
   https://bugzilla.suse.com/1190374

A fresh update for openSUSE addresses two significant issues in curl, improving both security and overall performance.

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:396-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.458
Container Release     : 4.22.458
Severity              : moderate
Type                  : security
References            : 1190373 1190374 CVE-2021-22946 CVE-2021-22947
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released:    Wed Oct 6 16:53:29 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

LinuxSecurity.com Team

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3351-1
Rating:             moderate
References:         #1190373 #1190374
Cross-References:   CVE-2021-22946 CVE-2021-22947
CVSS scores:
                    CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
   - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3351=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3351=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3351=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3351=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      curl-7.60.0-4.30.1
      curl-debuginfo-7.60.0-4.30.1
      curl-debugsource-7.60.0-4.30.1
      libcurl4-32bit-7.60.0-4.30.1
      libcurl4-7.60.0-4.30.1
      libcurl4-debuginfo-32bit-7.60.0-4.30.1
      libcurl4-debuginfo-7.60.0-4.30.1

   - SUSE OpenStack Cloud 9 (x86_64):

      curl-7.60.0-4.30.1
      curl-debuginfo-7.60.0-4.30.1
      curl-debugsource-7.60.0-4.30.1
      libcurl4-32bit-7.60.0-4.30.1
      libcurl4-7.60.0-4.30.1
      libcurl4-debuginfo-32bit-7.60.0-4.30.1
      libcurl4-debuginfo-7.60.0-4.30.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      curl-7.60.0-4.30.1
      curl-debuginfo-7.60.0-4.30.1
      curl-debugsource-7.60.0-4.30.1
      libcurl4-7.60.0-4.30.1
      libcurl4-debuginfo-7.60.0-4.30.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      libcurl4-32bit-7.60.0-4.30.1
      libcurl4-debuginfo-32bit-7.60.0-4.30.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      curl-7.60.0-4.30.1
      curl-debuginfo-7.60.0-4.30.1
      curl-debugsource-7.60.0-4.30.1
      libcurl4-7.60.0-4.30.1
      libcurl4-debuginfo-7.60.0-4.30.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libcurl4-32bit-7.60.0-4.30.1
      libcurl4-debuginfo-32bit-7.60.0-4.30.1

References:

   https://www.suse.com/security/cve/CVE-2021-22946.html
   https://www.suse.com/security/cve/CVE-2021-22947.html
   https://bugzilla.suse.com/1190373
   https://bugzilla.suse.com/1190374

LinuxSecurity.com Team

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3332-1
Rating:             moderate
References:         #1190373 #1190374
Cross-References:   CVE-2021-22946 CVE-2021-22947
CVSS scores:
                    CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
   - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3332=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3332=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      curl-debuginfo-7.60.0-11.28.1
      curl-debugsource-7.60.0-11.28.1
      libcurl-devel-7.60.0-11.28.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      curl-7.60.0-11.28.1
      curl-debuginfo-7.60.0-11.28.1
      curl-debugsource-7.60.0-11.28.1
      libcurl4-7.60.0-11.28.1
      libcurl4-debuginfo-7.60.0-11.28.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libcurl4-32bit-7.60.0-11.28.1
      libcurl4-debuginfo-32bit-7.60.0-11.28.1

References:

   https://www.suse.com/security/cve/CVE-2021-22946.html
   https://www.suse.com/security/cve/CVE-2021-22947.html
   https://bugzilla.suse.com/1190373
   https://bugzilla.suse.com/1190374

Severity: Important.

LinuxSecurity.com Team

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3298-1
Rating:             moderate
References:         #1190373 #1190374
Cross-References:   CVE-2021-22946 CVE-2021-22947
CVSS scores:
                    CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
   - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3298=1

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3298=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3298=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3298=1

Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      curl-7.66.0-4.27.1
      curl-debuginfo-7.66.0-4.27.1
      curl-debugsource-7.66.0-4.27.1
      libcurl4-7.66.0-4.27.1
      libcurl4-debuginfo-7.66.0-4.27.1

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      curl-7.66.0-4.27.1
      curl-debuginfo-7.66.0-4.27.1
      curl-debugsource-7.66.0-4.27.1
      libcurl4-7.66.0-4.27.1
      libcurl4-debuginfo-7.66.0-4.27.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      curl-7.66.0-4.27.1
      curl-debuginfo-7.66.0-4.27.1
      curl-debugsource-7.66.0-4.27.1
      libcurl-devel-7.66.0-4.27.1
      libcurl4-7.66.0-4.27.1
      libcurl4-debuginfo-7.66.0-4.27.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libcurl4-32bit-7.66.0-4.27.1
      libcurl4-32bit-debuginfo-7.66.0-4.27.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      curl-7.66.0-4.27.1
      curl-debuginfo-7.66.0-4.27.1
      curl-debugsource-7.66.0-4.27.1
      libcurl-devel-7.66.0-4.27.1
      libcurl4-7.66.0-4.27.1
      libcurl4-debuginfo-7.66.0-4.27.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libcurl4-32bit-7.66.0-4.27.1
      libcurl4-32bit-debuginfo-7.66.0-4.27.1

References:

   https://www.suse.com/security/cve/CVE-2021-22946.html
   https://www.suse.com/security/cve/CVE-2021-22947.html
   https://bugzilla.suse.com/1190373
   https://bugzilla.suse.com/1190374

LinuxSecurity.com Team

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14807-1
Rating:             moderate
References:         #1190373 #1190374
Cross-References:   CVE-2021-22946 CVE-2021-22947
CVSS scores:
                    CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
   - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-curl-14807=1

Package List:

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):

      curl-openssl1-7.37.0-70.74.1
      libcurl4-openssl1-7.37.0-70.74.1

   - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):

      libcurl4-openssl1-32bit-7.37.0-70.74.1

   - SUSE Linux Enterprise Server 11-SECURITY (ia64):

      libcurl4-openssl1-x86-7.37.0-70.74.1

References:

   https://www.suse.com/security/cve/CVE-2021-22946.html
   https://www.suse.com/security/cve/CVE-2021-22947.html
   https://bugzilla.suse.com/1190373
   https://bugzilla.suse.com/1190374

A new security patch from SUSE for curl resolves moderate concerns regarding protocol injection as well as vulnerabilities allowing TLS bypass.

LinuxSecurity.com Team

MGASA-2021-0438 - Updated curl packages fix security vulnerability

Publication date: 23 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0438.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-22945, CVE-2021-22946, CVE-2021-22947

UAF and double-free in MQTT sending. (CVE-2021-22945)
Protocol downgrade required TLS bypassed. (CVE-2021-22946)
STARTTLS protocol injection via MITM. (CVE-2021-22947)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29461
- https://curl.se/docs/CVE-2021-22945.html
- https://curl.se/docs/CVE-2021-22946.html
- https://curl.se/docs/CVE-2021-22947.html
- https://ubuntu.com/security/notices/USN-5079-1
- https://lists.fedoraproject.org/archives/list/