An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1908 Final 1.0 1.0 2022-09-09 Initial 2022-09-09 2022-09-09 openEuler SA Tool V1.0 2022-09-09 curl security update An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. Security Fix(es): When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response. Effectively allowing a "sister site" to deny service to siblings. Reference: https://curl.se/docs/CVE-2022-35252.html(CVE-2022-35252) An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low curl https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1908 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS curl-7.71.1-18.oe1.aarch64.rpm libcurl-devel-7.71.1-18.oe1.aarch64.rpm curl-debuginfo-7.71.1-18.oe1.aarch64.rpm libcurl-7.71.1-18.oe1.aarch64.rpm curl-debugsource-7.71.1-18.oe1.aarch64.rpm curl-debuginfo-7.71.1-18.oe1.aarch64.rpm libcurl-7.71.1-18.oe1.aarch64.rpm curl-7.71.1-18.oe1.aarch64.rpm libcurl-devel-7.71.1-18.oe1.aarch64.rpm curl-debugsource-7.71.1-18.oe1.aarch64.rpm libcurl-devel-7.79.1-10.oe2203.aarch64.rpm curl-7.79.1-10.oe2203.aarch64.rpm curl-debuginfo-7.79.1-10.oe2203.aarch64.rpm curl-debugsource-7.79.1-10.oe2203.aarch64.rpm libcurl-7.79.1-10.oe2203.aarch64.rpm curl-help-7.71.1-18.oe1.noarch.rpm curl-help-7.71.1-18.oe1.noarch.rpm curl-help-7.79.1-10.oe2203.noarch.rpm curl-7.71.1-18.oe1.src.rpm curl-7.71.1-18.oe1.src.rpm curl-7.79.1-10.oe2203.src.rpm curl-debuginfo-7.71.1-18.oe1.x86_64.rpm libcurl-7.71.1-18.oe1.x86_64.rpm libcurl-devel-7.71.1-18.oe1.x86_64.rpm curl-7.71.1-18.oe1.x86_64.rpm curl-debugsource-7.71.1-18.oe1.x86_64.rpm curl-7.71.1-18.oe1.x86_64.rpm curl-debuginfo-7.71.1-18.oe1.x86_64.rpm libcurl-devel-7.71.1-18.oe1.x86_64.rpm curl-debugsource-7.71.1-18.oe1.x86_64.rpm libcurl-7.71.1-18.oe1.x86_64.rpm libcurl-7.79.1-10.oe2203.x86_64.rpm curl-7.79.1-10.oe2203.x86_64.rpm libcurl-devel-7.79.1-10.oe2203.x86_64.rpm curl-debugsource-7.79.1-10.oe2203.x86_64.rpm curl-debuginfo-7.79.1-10.oe2203.x86_64.rpm When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response. Effectively allowing a sister site to deny service to siblings.Reference:https://curl.se/docs/CVE-2022-35252.html 2022-09-09 CVE-2022-35252 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Low 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L curl security update 2022-09-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1908