MGASA-2021-0438
- Source
- https://advisories.mageia.org/MGASA-2021-0438.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0438.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0438
- Related
- Published
- 2021-09-23T04:49:29Z
- Modified
- 2021-09-23T04:06:47Z
- Summary
- Updated curl packages fix security vulnerability
- Details
-
UAF and double-free in MQTT sending. (CVE-2021-22945)
Protocol downgrade required TLS bypassed. (CVE-2021-22946)
STARTTLS protocol injection via MITM. (CVE-2021-22947)
- References
-
- https://advisories.mageia.org/MGASA-2021-0438.html
- https://bugs.mageia.org/show_bug.cgi?id=29461
- https://curl.se/docs/CVE-2021-22945.html
- https://curl.se/docs/CVE-2021-22946.html
- https://curl.se/docs/CVE-2021-22947.html
- https://ubuntu.com/security/notices/USN-5079-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J64OFB3I6OV4T3FD3PVSPTCKGUJCXUXX/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / curl
Package
- Name
- curl
- Purl
- pkg:rpm/mageia/curl?distro=mageia-8