The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
curl: more POST-after-PUT confusion (CVE-2023-28322)
curl: cookie injection with none file (CVE-2023-38546)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
libssh (curl sftp) not trying password auth (BZ#2240033)
libssh: cap SFTP packet size sent (Rocky Linux-5485)