ID

VAR-202108-2222

CVE

CVE-2021-22924

TITLE

cURL  Incorrectly resolved name and reference usage vulnerabilities in

DESCRIPTION

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925) Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14 In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Advanced Cluster Management 2.1.11 security fix and container updates Advisory ID: RHSA-2021:3653-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:3653 Issue date: 2021-09-23 CVE Names: CVE-2020-27777 CVE-2021-3653 CVE-2021-22555 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-23017 CVE-2021-29154 CVE-2021-29650 CVE-2021-31535 CVE-2021-32399 CVE-2021-36222 CVE-2021-37750 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fix: * management-ingress-container: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. *Important:* This upgrade of Red Hat Advanced Cluster Management for Kubernetes is not supported when you are running Red Hat Advanced Cluster Management on Red Hat OpenShift Container Platform version 4.5. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-op erator 4. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images 5. References: https://access.redhat.com/security/cve/CVE-2020-27777 https://access.redhat.com/security/cve/CVE-2021-3653 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-22922 https://access.redhat.com/security/cve/CVE-2021-22923 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/cve/CVE-2021-29154 https://access.redhat.com/security/cve/CVE-2021-29650 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYUy3Q9zjgjWX9erEAQghKQ//ScUdzD9Wj7hOPBGlzqP+Tzf6tshOs01y UhdZq+uYuiGU1DL1Cjxr5T34RQnOeGgJZpKbepPqiVjwv/81jKOyZ4i+EnLRLKZe ++nlB8jhCV0KSHf3lv07NacNhBavsxss8xjDiAnhNbfjJ6Uj9I80+pOzvfFwGfOb E2NOdEvn3IgJqCzi0zLJwej3EE34DthVddyb04ky6pNAJsM+rNyaSG8uT+kXyVtq HArqeW7J1FKOSnJE6mz9qOEUQUqRATCJQXJHAH+SgA0aXEpBwiYoQPZQobEBAQfy y5I2lIWOTJNJhTZ4UdEb3HFcQWJy4k6u4oRs3IAzx9GOG12RWFhAYZNkkQ0HkyHz aVDS9ljw205SjemT6OlFi6OvDZant9kSK0FNu9TgtDxueGv4f/MmdGcriGOFO4b0 a1lVI9eVXrJOea2hBM7UXcWSoytEwrACtoVwYGLhBUe3KadWHsUfG80AvbQbfJbD rn75PO95wada+CXL00nfEcYs5RjiaiUNZQ3JOYqRWqvGsrYil/rRHy1d3zvNMy5n NDnOs2StxpMJumAdk3kNPslx5t4yMeH6zS0+VxBEfUrRIppMroOPRJx9I6FWvWoF TdUVSgVoKXoetfEauykfdcNvL+WwQNNOWkwOvs70T2t2PvtqAOeK/TyiOS1RVmcX 43iuBNFpffE= =1qOw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Quay 3.6.0 release Security Fix(es): * nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774) * python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289) * nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516) * nodejs-debug: Regular expression Denial of Service (CVE-2017-16137) * nodejs-mime: Regular expression Denial of Service (CVE-2017-16138) * nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107) * nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492) * nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270) * nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920) * nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237) * urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291) * python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290) * python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291) * python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292) * python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293) * nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515) * python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921) * python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922) * python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923) * python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552) * nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109) * lodash: Prototype pollution in utilities function (CVE-2018-3721) * hoek: Prototype pollution in utilities function (CVE-2018-3728) * lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266) * nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608) * python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service 1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service 1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function 1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function 1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format 1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js 1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties 1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block 1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL 1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read 1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow 1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure 1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise 1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise 1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c 1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c 1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack 1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c 1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container 1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container 1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container 1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install 6. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1998844 - virt-handler Pod is missing xorrisofs command 2008522 - "unable to execute QEMU agent command 'guest-get-users'" logs in virt-launcher pod every 10 seconds 2010334 - VM is not able to be migrated after failed migration 2012328 - 2.6.8 containers 2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-06-29T22:38:28.875000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE