CVE-2021-22925 Archives - TuxCare

CentOS 6 ELS: curl package with the fix for the CVE-2021-22925: gradual rollout completed

A new updated curl package with the fix for CVE-2021-22925 within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.


Curl’s 20-year-old bug is resilient – back for another fix – CVE-2021-22925

Some weeks ago, CVE-2021-22898 was published. It affects curl/libcurl from version 7.7, released on the 22nd of March 2001. The flaw lies in the way a rarely used option, CURLOPT_TELNETOPTIONS (the -t command line option), parses the variable=content pairs it sends to TELNET servers: because the parser did not validate its result correctly, libcurl could pass uninitialized data from a stack-based buffer on to the server, disclosing internal memory contents over a clear-text protocol. At the time a fix was produced and merged into the curl/libcurl codebase, and the problem was considered dealt with. That is, until CVE-2021-22925 was published on the 21st of July: the initial fix did not fully address the issue, and a new fix has been produced.

This issue affects curl versions 7.7 up to and including 7.77.0, which covers roughly every curl version shipped by default in Linux distributions over the previous 20 years, except for the most recent distribution releases that ship curl 7.78.0 or later (the version that carries the fix).
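The bug class behind both CVEs, as an added illustration written for this page (not curl's own code): a "name,value" option pair is parsed with sscanf() into two fixed-size stack buffers, the result is not checked against the number of fields expected, and the value buffer is then serialized into the TELNET NEW-ENVIRON subnegotiation whether or not it was ever written. A pair without a comma therefore sends whatever the stack slot held. The function name, the `check_count` switch, the format string and the pre-filled "stale" marker (which stands in for genuinely uninitialized memory so the leak is reproducible) are all assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NEW_ENV_VAR   0  /* telnet NEW-ENVIRON "VAR" marker (RFC 1572) */
#define NEW_ENV_VALUE 1  /* telnet NEW-ENVIRON "VALUE" marker */

/* Encode one "name,value" pair as a NEW-ENVIRON fragment: \0name\1value.
   Returns the number of bytes written to out, or -1 if the pair is rejected.
   check_count == 0 reproduces the bug class: sscanf()'s return value is not
   compared against the number of fields expected, so a pair with no comma
   leaves varval untouched and its stale contents get sent to the server.
   check_count != 0 is the hardened form: both fields must have matched. */
int encode_new_env(const char *pair, unsigned char *out, size_t outlen,
                   int check_count)
{
    char varname[128];
    char varval[128];
    int matched;

    /* Simulate whatever a previous call left in this stack slot. In the real
       bug the contents are genuinely uninitialized; here they are fixed so the
       leak is reproducible (assumption of this example). */
    strcpy(varval, "stale-stack-secret");

    /* "%127[^,],%127s": name up to the comma, then the value. Returns 2 only
       when both fields were assigned. */
    matched = sscanf(pair, "%127[^,],%127s", varname, varval);

    if (check_count) {
        if (matched != 2)
            return -1;          /* hardened: reject "USER" and "USER," */
    } else {
        if (matched < 1)
            return -1;          /* vulnerable: a lone name is accepted */
    }

    size_t nlen = strlen(varname), vlen = strlen(varval);
    if (2 + nlen + vlen > outlen)
        return -1;
    out[0] = NEW_ENV_VAR;
    memcpy(out + 1, varname, nlen);
    out[1 + nlen] = NEW_ENV_VALUE;
    memcpy(out + 2 + nlen, varval, vlen);
    return (int)(2 + nlen + vlen);
}

/* Does the encoded fragment contain the given byte string? Used to show
   whether the stale buffer contents ended up on the wire. */
int fragment_contains(const unsigned char *buf, int len, const char *needle)
{
    size_t nl = strlen(needle);
    if (len < 0 || (size_t)len < nl)
        return 0;
    for (size_t i = 0; i + nl <= (size_t)len; i++)
        if (memcmp(buf + i, needle, nl) == 0)
            return 1;
    return 0;
}

int main(void)
{
    unsigned char buf[300];
    int n;

    n = encode_new_env("USER,alice", buf, sizeof(buf), 0);
    printf("well-formed pair, unchecked: %d bytes\n", n);

    n = encode_new_env("USER", buf, sizeof(buf), 0);
    printf("no comma, unchecked:        %d bytes, stale data leaked: %s\n", n,
           fragment_contains(buf, n, "stale-stack-secret") ? "yes" : "no");

    n = encode_new_env("USER", buf, sizeof(buf), 1);
    printf("no comma, checked:          %d (rejected)\n", n);
    return 0;
}
```

The hardened branch is the whole fix: the parser must insist on exactly two matched fields before it touches `varval`. Note that distribution packages, ELS backports included, usually carry such a fix without changing the upstream version string, so on a patched host the package changelog is the reliable indicator, not the version number reported by the binary.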

TuxCare’s Extended Lifecycle Support team has prepared the new patch and has started making it available for all affected distributions, namely CloudLinux 6, CentOS 6, OracleLinux 6 and Ubuntu 16.04.


OracleLinux 6 ELS: curl package with the fix for the CVE-2021-22925 released

A new updated curl package with the fix for CVE-2021-22925 within OracleLinux 6 ELS is now available for download from our production repository.


Ubuntu 16.04 ELS: curl package with the fix for the CVE-2021-22925 released

A new updated curl package with the fix for CVE-2021-22925 within Ubuntu 16.04 ELS is now available for download from our production repository.

CentOS 6 ELS: curl package with the fix for the CVE-2021-22925 gradual rollout

A new updated curl package with the fix for CVE-2021-22925 within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.
