ELSA-2021-4511 -- Oracle curl_libcurlID: oval:org.secpod.oval:def:1505269 | Date: (C)2021-11-24 (M)2024-04-03 |
Class: PATCH | Family: unix |
[7.61.1-22] - fix STARTTLS protocol injection via MITM - fix protocol downgrade required TLS bypass [7.61.1-21] - fix TELNET stack contents disclosure again - fix TELNET stack contents disclosure - fix bad connection reuse due to flawed path name checks - disable metalink support to fix the following vulnerabilities CVE-2021-22923 - metalink download sends credentials CVE-2021-22922 - wrong content via metalink not discarded [7.61.1-20] - fix a cppchecks false positive in 0029-curl-7.61.1-CVE-2021-22876.patch [7.61.1-19] - make curl --head file:// work as expected - prevent automatic referer from leaking credentials