ASA-202107-59 - log

ASA-202107-59 edited at 22 Jul 2021 15:56:33
Workaround
- CVE-2021-22922 and CVE-2021-22923 can be mitigated by making sure not to use metalink with curl. CVE-2021-22925 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.
+ CVE-2021-22922 and CVE-2021-22923 can be mitigated by making sure not
+ to use metalink with curl. CVE-2021-22925 can be mitigated by avoiding
+ to use the -t command line option and CURLOPT_TELNETOPTIONS. No known
+ workaround exists for CVE-2021-22924.
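Review bot: The phrase "avoiding to use" on the rewrapped second and third lines is carried over unchanged from the removed line, and since this edit touches the text anyway it could be corrected to "by not using the -t command line option and CURLOPT_TELNETOPTIONS". The edit otherwise only changes line breaks, so the rendered advisory should be checked to confirm the hard wraps do not show up as broken lines.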
ASA-202107-59 edited at 21 Jul 2021 21:43:58
Workaround
+ CVE-2021-22922 and CVE-2021-22923 can be mitigated by making sure not to use metalink with curl. CVE-2021-22925 can be mitigated by avoiding to use the -t command line option and CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924.
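Review bot: The first sentence of the added Workaround says "not to use metalink with curl" without naming what a user has to avoid, while the second sentence names both the -t option and CURLOPT_TELNETOPTIONS. Naming the metalink option or build setting in the same way would make the mitigation for CVE-2021-22922 and CVE-2021-22923 something a reader can act on and check.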
Impact
+ curl could disclose information credentials or potentially sensitive memory contents to a remote server when the metalink feature or an uncommon option for TELNET servers is used. Additionally, curl did not sufficiently verify the hashes of files downloaded using metalink and the 'issuer cert' when reusing connections.
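Review bot: In the added Impact text, "disclose information credentials" reads as if a word or comma is missing (possibly "information, credentials" or just "credentials") and should be fixed before publishing. The two sentences also list four effects without saying which CVE causes which, unlike the Workaround field. Tying each effect to its CVE id would let a reader see that the hash and 'issuer cert' verification issues are separate from the disclosure issues.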
ASA-202107-59 created at 21 Jul 2021 21:35:05