If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none`. Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5700 https://access.redhat.com/errata/RHSA-2023:5700
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5763 https://access.redhat.com/errata/RHSA-2023:5763
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:6292 https://access.redhat.com/errata/RHSA-2023:6292
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6745 https://access.redhat.com/errata/RHSA-2023:6745
from https://access.redhat.com/security/cve/cve-2023-38546 this is fixed in RHEL 8.6 extended support (curl-7.61.1-22.el8_6.9.src.rpm https://access.redhat.com/errata/RHSA-2023:6292 ) While it says affected for RHEL8. Is this fixed in RHEL 8.9 curl-7.61.1-33.src.rom ? If not, when will it be fixed? Thank you,
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7540 https://access.redhat.com/errata/RHSA-2023:7540
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1601 https://access.redhat.com/errata/RHSA-2024:1601
This issue has been addressed in the following products: Satellite Client 6 for RHEL 6 Satellite Client 6 for RHEL 7 Satellite Client 6 for RHEL 8 Satellite Client 6 for RHEL 9 Via RHSA-2024:2101 https://access.redhat.com/errata/RHSA-2024:2101