Oracle Linux: CVE-2022-27775: ELSA-2022-8299: curl security update (LOW) (Multiple Advisories)
Description
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. A vulnerability was found in curl. This security flaw occurs due to errors in the logic where the config matching function did not take the IPv6 address zone id into account. This issue can lead to curl reusing the wrong connection when one transfer uses a zone id, and the subsequent transfer uses another.
Solution(s)
- oracle-linux-upgrade-curl
- oracle-linux-upgrade-curl-minimal
- oracle-linux-upgrade-libcurl
- oracle-linux-upgrade-libcurl-devel
- oracle-linux-upgrade-libcurl-minimal
- oracle-linux-upgrade-qt5-qtbase
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center