A new curl package with the fix for CVE-2021-22876 within CentOS 6 ELS has been scheduled for gradual rollout
A new curl package with the fix for CVE-2021-22876 within CentOS 6 extended lifecycle support has been scheduled for gradual rollout from our production repository.
Rollout slot: 1
Rolled out to: 1%
ETA for 100% rollout: April 8
Errata: https://errata.cloudlinux.com/els6/CLSA-2021-1617285762.html
Changelog
curl-7.19.7-56.cloudlinux.els6
- back-port urlapi from v7.75.0 (used by CVE-2021-22876)
- strip credentials from the auto-referer header (CVE-2021-22876)
Update command
yum update 'curl*'
Immediate update (via bypass)
yum update 'curl*' --enablerepo=ELS6-rollout-1-bypass