ALAS-2020-1444

Amazon Linux 1 (EOL) Security Advisory: ALAS-2020-1444
Advisory Released Date: 2020-11-18
Advisory Updated Date: 2020-11-18

Severity: Low

References: CVE-2020-8231
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-8231)

Affected Packages:

curl

Issue Correction:
Run yum update curl to update your system.

New Packages:

i686:
    curl-debuginfo-7.61.1-12.95.amzn1.i686
    libcurl-7.61.1-12.95.amzn1.i686
    curl-7.61.1-12.95.amzn1.i686
    libcurl-devel-7.61.1-12.95.amzn1.i686

src:
    curl-7.61.1-12.95.amzn1.src

x86_64:
    libcurl-devel-7.61.1-12.95.amzn1.x86_64
    curl-7.61.1-12.95.amzn1.x86_64
    libcurl-7.61.1-12.95.amzn1.x86_64
    curl-debuginfo-7.61.1-12.95.amzn1.x86_64

Additional References

Red Hat: CVE-2020-8231

Mitre: CVE-2020-8231