QID 670976
Date Published: 2021-11-24
QID 670976: EulerOS Security Update for curl (EulerOS-SA-2021-2627)
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.
Security Fix(es):
A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick users into downloading malicious content. The highest threat from this vulnerability is to integrity.(CVE-2021-22922)
A flaw was found in curl in the way curl handles credentials when downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to gain access to credentials provided while downloading content without the user's knowledge. The highest threat from this vulnerability is to confidentiality.(CVE-2021-22923)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 670976
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2021-2627 | EulerOS V2.0SP8 |
developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2627 |