AIX Open Source

Hi AIX OpenSource-Team,

please update curl, because of the following security issues.

AIX Toolbox Version: 7.76.1

AFFECTED VERSIONS

• Affected versions: curl 7.73.0 to and including 7.78.0
• Not affected versions: curl < 7.73.0 and curl >= 7.79.0

RECOMMENDATIONS
A - Upgrade curl to version 7.79.0
B - Apply the patch to your local version
C - Do not use MQTT

---

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22945.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22946.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22947.html

---

------------------------------
Niklas
System Engineer UNIX and Linux on Power
------------------------------

Hi Niklas,

Thank you for reporting this.
We will look into this.

------------------------------
SANKET RATHI
------------------------------

Original Message:
Sent: Thu September 16, 2021 03:38 AM
From: Niklas V.
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi AIX OpenSource-Team,

please update curl, because of the following security issues.

AIX Toolbox Version: 7.76.1

AFFECTED VERSIONS

• Affected versions: curl 7.73.0 to and including 7.78.0
• Not affected versions: curl < 7.73.0 and curl >= 7.79.0

RECOMMENDATIONS
A - Upgrade curl to version 7.79.0
B - Apply the patch to your local version
C - Do not use MQTT

---

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22945.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22946.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22947.html

---

------------------------------
Niklas
System Engineer UNIX and Linux on Power
------------------------------

Hi Senket,

is there an update? Secure operation is extremely important for our mission-critical AIX systems.

------------------------------
Niklas
System Engineer UNIX and Linux on Power
------------------------------


Original Message:
Sent: Mon September 20, 2021 02:36 AM
From: SANKET RATHI
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi Niklas,

Thank you for reporting this.
We will look into this.

------------------------------
SANKET RATHI

Original Message:
Sent: Thu September 16, 2021 03:38 AM
From: Niklas V.
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi AIX OpenSource-Team,

please update curl, because of the following security issues.

AIX Toolbox Version: 7.76.1

AFFECTED VERSIONS

• Affected versions: curl 7.73.0 to and including 7.78.0
• Not affected versions: curl < 7.73.0 and curl >= 7.79.0

RECOMMENDATIONS
A - Upgrade curl to version 7.79.0
B - Apply the patch to your local version
C - Do not use MQTT

---

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22945.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22946.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22947.html

---

------------------------------
Niklas
System Engineer UNIX and Linux on Power
------------------------------

We are working on building and testing latest curl.
There are some process before publishing and it is taking time.
Hope to publish the new curl in couple of weeks.

------------------------------
SANKET RATHI
------------------------------

Original Message:
Sent: Mon October 04, 2021 02:05 AM
From: Niklas V.
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi Senket,

is there an update? Secure operation is extremely important for our mission-critical AIX systems.

------------------------------
Niklas
System Engineer UNIX and Linux on Power

Original Message:
Sent: Mon September 20, 2021 02:36 AM
From: SANKET RATHI
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi Niklas,

Thank you for reporting this.
We will look into this.

------------------------------
SANKET RATHI

Original Message:
Sent: Thu September 16, 2021 03:38 AM
From: Niklas V.
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi AIX OpenSource-Team,

please update curl, because of the following security issues.

AIX Toolbox Version: 7.76.1

AFFECTED VERSIONS

• Affected versions: curl 7.73.0 to and including 7.78.0
• Not affected versions: curl < 7.73.0 and curl >= 7.79.0

RECOMMENDATIONS
A - Upgrade curl to version 7.79.0
B - Apply the patch to your local version
C - Do not use MQTT

---

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22945.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22946.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22947.html

---

------------------------------
Niklas
System Engineer UNIX and Linux on Power
------------------------------

curl version 7.79.1 is uploaded on AIX toolbox. This version has fix for mentioned CVEs.
Please find the new curl version at following location.
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/curl/?C=M;O=D

------------------------------
SANKET RATHI
------------------------------

Original Message:
Sent: Tue October 05, 2021 01:47 PM
From: SANKET RATHI
Subject: Curl - Security Advisory - Update to 7.79.0 needed

We are working on building and testing latest curl.
There are some process before publishing and it is taking time.
Hope to publish the new curl in couple of weeks.

------------------------------
SANKET RATHI

Original Message:
Sent: Mon October 04, 2021 02:05 AM
From: Niklas V.
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi Senket,

is there an update? Secure operation is extremely important for our mission-critical AIX systems.

------------------------------
Niklas
System Engineer UNIX and Linux on Power

Original Message:
Sent: Mon September 20, 2021 02:36 AM
From: SANKET RATHI
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi Niklas,

Thank you for reporting this.
We will look into this.

------------------------------
SANKET RATHI

Original Message:
Sent: Thu September 16, 2021 03:38 AM
From: Niklas V.
Subject: Curl - Security Advisory - Update to 7.79.0 needed

Hi AIX OpenSource-Team,

please update curl, because of the following security issues.

AIX Toolbox Version: 7.76.1

AFFECTED VERSIONS

• Affected versions: curl 7.73.0 to and including 7.78.0
• Not affected versions: curl < 7.73.0 and curl >= 7.79.0

RECOMMENDATIONS
A - Upgrade curl to version 7.79.0
B - Apply the patch to your local version
C - Do not use MQTT

---

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22945.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22946.html

Curl Security Advisory 2021-09-14
https://curl.se/docs/CVE-2021-22947.html

---

------------------------------
Niklas
System Engineer UNIX and Linux on Power
------------------------------