ID

VAR-202109-1789

CVE

CVE-2021-22947

TITLE

Migration Toolkit For Containers Data forgery problem vulnerability

DESCRIPTION

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Background ========= A command line tool and library for transferring data with URLs. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.86.0 >= 7.86.0 Description ========== Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All curl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0" References ========= [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202212-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:0635-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0635 Issue date: 2022-02-22 CVE Names: CVE-2021-22946 CVE-2021-22947 ===================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: curl-7.61.1-12.el8_2.4.src.rpm aarch64: curl-7.61.1-12.el8_2.4.aarch64.rpm curl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm curl-debugsource-7.61.1-12.el8_2.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm libcurl-7.61.1-12.el8_2.4.aarch64.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm libcurl-devel-7.61.1-12.el8_2.4.aarch64.rpm libcurl-minimal-7.61.1-12.el8_2.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm ppc64le: curl-7.61.1-12.el8_2.4.ppc64le.rpm curl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm curl-debugsource-7.61.1-12.el8_2.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-devel-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-minimal-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm s390x: curl-7.61.1-12.el8_2.4.s390x.rpm curl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm curl-debugsource-7.61.1-12.el8_2.4.s390x.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm libcurl-7.61.1-12.el8_2.4.s390x.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm libcurl-devel-7.61.1-12.el8_2.4.s390x.rpm libcurl-minimal-7.61.1-12.el8_2.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm x86_64: curl-7.61.1-12.el8_2.4.x86_64.rpm curl-debuginfo-7.61.1-12.el8_2.4.i686.rpm curl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm curl-debugsource-7.61.1-12.el8_2.4.i686.rpm curl-debugsource-7.61.1-12.el8_2.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm libcurl-7.61.1-12.el8_2.4.i686.rpm libcurl-7.61.1-12.el8_2.4.x86_64.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.i686.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm libcurl-devel-7.61.1-12.el8_2.4.i686.rpm libcurl-devel-7.61.1-12.el8_2.4.x86_64.rpm libcurl-minimal-7.61.1-12.el8_2.4.i686.rpm libcurl-minimal-7.61.1-12.el8_2.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYhVgXNzjgjWX9erEAQgHCA/+JI0ozw9cVk03UmnCHzbjlMNDRuwnKUyY PGs/vO9d1Z8aj9n6fSeSv/JKv4BWuiFzip6nNzLoId0gbevfDw2BaIr7sODRFrei dz2v44z+PMIBelCp4hEc8SJywAKx+/5pLIXZMUGrhdsF4HueSIVbIGlEGnYImdq6 wbK4jjdJlsymoVaMYPOnP9xTWG6+Mg/BZ6Yv5fvudSll88DTKygfBV1OjBLaVuPn /cdHBWsakhsVr4oS2HbEbFe8AAmmCPRib5Korc/bvQgeVKUT/l8PKOJsu6DU33oM iiWP3PkMdjmBFyH+7wYp2zdaiKRdjvzBSCw+F49x1bms8+DtHf7lQI2++y2IZE5V kvBTOBlVfBSz5m+P2yV8SVj6iPCc0D2gKo36eYoosM58CGf9RbOXXvabAU1yq+lp tlvH118iMQRlYKmodX0GT6YZh5BkXG4vv66kXMbvw1FiZhzxmsKPy6od+/Fv9j3Q ZEB5uuLMaDlDowWDo1egHa9OhH/uIGnhZYWDrXWbIUD//+frXxTGQbE0esGOX5Ek L0GHHsakKHjUanU9luIUSPzXhrfTxP0Ctj1T2URIkR66rgaYL81wWGgr1A59EPqA niRYe1YeCmVvNFB3eN75tP/r+4nh6FAG3EbTue9aOxbJOAOoZacu+8TC2CI2s1kz D0XkOmBk64M= =3H1R -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-5079-1 introduced a regression in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16 In general, a standard system update will make all the necessary changes. Summary: The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 5. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.4.0 General Availability release images, which fix several bugs and security issues. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.4/html/release_notes/ Security fixes: * CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method * CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack * CVE-2021-32627: redis: Integer overflow issue with Streams * CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure * CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser * CVE-2021-32675: redis: Denial of service via Redis Standard Protocol (RESP) request * CVE-2021-32687: redis: Integer overflow issue with intsets * CVE-2021-32690: helm: information disclosure vulnerability * CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite * CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite * CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name * CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow * CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings * CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function * CVE-2021-41099: redis: Integer overflow issue with strings Bug fixes: * RFE ACM Application management UI doesn't reflect object status (Bugzilla #1965321) * RHACM 2.4 files (Bugzilla #1983663) * Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 (Bugzilla #1993366) * submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla #1994668) * ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb (Bugzilla #2000274) * pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2003915) * InfraEnv condition does not reflect the actual error message (Bugzilla #2009204, 2010030) * Flaky test point to a nil pointer conditions list (Bugzilla #2010175) * InfraEnv status shows 'Failed to create image: internal error (Bugzilla #2010272) * subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla #2013157) * pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2014084) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1965321 - RFE ACM Application management UI doesn't reflect object status 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1983663 - RHACM 2.4.0 images 1990409 - CVE-2021-32804 nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite 1990415 - CVE-2021-32803 nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite 1993366 - Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 1994668 - submariner-addon pod failing in RHACM 2.4 latest ds snapshot 1995623 - CVE-2021-3711 openssl: SM2 Decryption Buffer Overflow 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000274 - ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb 2003915 - pre-network-manager-config failed due to timeout when static config is used 2009204 - InfraEnv condition does not reflect the actual error message 2010030 - InfraEnv condition does not reflect the actual error message 2010175 - Flaky test point to a nil pointer conditions list 2010272 - InfraEnv status shows 'Failed to create image: internal error 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 2013157 - subctl diagnose firewall intra-cluster - failed VXLAN checks 2014084 - pre-network-manager-config failed due to timeout when static config is used 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

data forgery

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-08-12T20:27:49.453000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE