CVE-2021-22901: "TLS session caching disaster libcurl can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client." CVE-2021-22898: "TELNET stack contents disclosure curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol." Fixed in 7.77.0, please bump.
Added to an existing GLSA request.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=165dd6597ef914e03559478024450ea84459372f commit 165dd6597ef914e03559478024450ea84459372f Author: Sam James <sam@gentoo.org> AuthorDate: 2021-05-26 09:54:26 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-05-26 09:54:39 +0000 net-misc/curl: add 7.77.0 Bug: https://bugs.gentoo.org/792192 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 1 + net-misc/curl/curl-7.77.0.ebuild | 295 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 296 insertions(+)
x86 stable
This issue was resolved and addressed in GLSA 202105-36 at https://security.gentoo.org/glsa/202105-36 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
amd64 done
arm64 done
ppc done
ppc64 stable
sparc stable
hppa done
arm done all arches done
Please cleanup.
(In reply to John Helmert III from comment #13) > Please cleanup. done
(In reply to Anthony Basile from comment #14) > (In reply to John Helmert III from comment #13) > > Please cleanup. > > done Thank you! GLSA already sent, all done.