
📖 preface


"If you can't solve a problem for a while, use this opportunity to see your limitations and put yourself out of order." As the old saying goes, it's easy to let go. If you are distracted by something, learn to disconnect. Cut out the paranoia, the trash in the community, and get rid of the negative energy. Good attitude, not so tired. In a good mood, all you see is beautiful scenery.

📖 Background

Linux CentOS 7: Haxx curl Resource Management Error (CVE-2021-22901)

Due to business needs (vulnerability scanning), the curl version on the server turned out to be too old and to have bugs, so I set aside some time to upgrade to the latest version to ensure the security of communication between servers. I then read some tutorials online and found that they all differ; I finally found the simplest, most convenient method and am sharing it with everyone. Portal: Curl Vulnerability resolution. In plain English, you need to upgrade to the latest stable version.

🌂 The description is as follows

Name of vulnerability: Haxx curl Resource Management Error Vulnerability (CVE-2021-22901)
Vulnerability type: Other
CVE number: CVE-2021-22901
CNNVD number: CNNVD-202105-1683
CNVD number:
CNCVE number: CNCVE-202122901
BUGTRAQ:
Vulnerability description: HAXX curl is a file transfer tool from HAXX that works on the command line using URL syntax. The tool supports file upload and download, and includes libcurl (a client-side URL transfer library) for program development. Curl has a resource management error vulnerability. It affects curl when the OpenSSL library is used as the TLS backend: curl can use freed memory after the OpenSSL library performs a TLS session renegotiation. A malicious TLS server could exploit this flaw to crash the client, or to execute arbitrary code in the curl library with the privileges of the client application.
Repair advice: The vendor has released an upgrade patch to fix the vulnerability. Link to obtain the patch: curl.se/docs/CVE-20…

Name of vulnerability: Oracle MySQL Server DML Security Vulnerability (CVE-2020-14828)
Vulnerability type: Database vulnerability
CVE number: CVE-2020-14828
CNNVD number: CNNVD-202010-968

🚀 Getting started

CURL is a file transfer utility that works on the command line using URL syntax, first released in 1997. It supports file upload and download, so it is a comprehensive transfer tool, but by tradition CURL is usually called a download tool. CURL also includes libcurl for program development.

1. Add a new repo

    vim /etc/yum.repos.d/city-fan.repo

    # Then add the following content to it.
    # Note: gpgcheck=0 turns off RPM signature verification for this repo,
    # and the baseurl is plain HTTP.

    # CentOS 6: edit as follows:
    [CityFanforCurl]
    name=City Fan Repo
    baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel6/x86_64/
    enabled=0
    gpgcheck=0

    # CentOS 7: edit as follows:
    [CityFanforCurl]
    name=City Fan Repo
    baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/
    enabled=0
    gpgcheck=0

PS: in vim, press I to start editing; when finished, press Esc, type :wq, and press Enter to save the configuration.

2. Update CURL

Use the following command to update:

    yum update curl --enablerepo=CityFanforCurl -y

    # CURL will be updated to a new stable release.

3. Run curl --version again. The output is as follows:

    curl --version

✨ Method two: some will get the error Requires: libnghttp2.so.14()(64bit)

I found that the documentation says libcurl 7.49.0 and above is recommended, and then I saw that the version on my machine was 7.29.

How to update curl and libcurl

The method is as follows:

  1. Install the libcurl yum source

    rpm -ivh http://mirror.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-2-1.rhel7.noarch.rpm
  2. Run the yum upgrade

    yum upgrade libcurl curl

    At this point you may see that nothing happens; you need to edit the city-fan source and change enabled=0 to enabled=1.

    vi /etc/yum.repos.d/city-fan.org.repo
  3. Run yum update curl --enablerepo=CityFanforCurl -y

    Error: Package: libcurl-7.65.1-1.0.cf.rhel7.x86_64 (city-fan.org)
           Requires: libnghttp2.so.14()(64bit)

Solutions:

  1. Install epel

    yum install epel-release -y
  2. Re-run the installation command above; it still reports the error Requires: libnghttp2.so.14()(64bit)

    Final solution:

    yum --enablerepo=epel install libnghttp2 -y && yum install libcurl -y
  3. Run yum update curl --enablerepo=CityFanforCurl -y again
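
After either method, the `curl --version` check from step 3 can be made mechanical. The script below is an added example, not part of the original post: it parses the first line of that output, reports the libcurl version and the TLS backend (the vulnerability description above concerns builds that use OpenSSL), and compares the version with a caller-supplied minimum. The sample lines are constructed, the function names are hypothetical, and 7.49.0 is simply the figure the author quotes.

```sh
#!/bin/sh
# Added example: read the first line of `curl --version` after the upgrade.

# Constructed sample lines (not captured from the author's server).
SAMPLE_OLD='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7 libidn/1.28 libssh2/1.8.0'
SAMPLE_NEW='curl 7.65.1 (x86_64-redhat-linux-gnu) libcurl/7.65.1 OpenSSL/1.0.2k-fips zlib/1.2.7 nghttp2/1.33.0'

# Print the libcurl version: the library that linked applications load.
libcurl_version() {
  printf '%s\n' "$1" | sed -n 's|.* libcurl/\([0-9][0-9.]*\).*|\1|p'
}

# Print the TLS backend named on the version line (OpenSSL, NSS, ...).
tls_backend() {
  for _tok in $1; do
    case "$_tok" in
      OpenSSL/*|NSS/*|GnuTLS/*|LibreSSL/*) printf '%s\n' "${_tok%%/*}"; return 0 ;;
    esac
  done
  printf 'unknown\n'
}

# Return 0 when dotted version $1 >= $2, comparing numerically per field.
version_ge() {
  _a=$1 _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*} _y=${_b%%.*}
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
    case "$_a" in *.*) _a=${_a#*.} ;; *) _a= ;; esac
    case "$_b" in *.*) _b=${_b#*.} ;; *) _b= ;; esac
  done
  return 0
}

# Summarise one version line against a minimum chosen by the caller.
check_curl_line() {
  _ver=$(libcurl_version "$1")
  [ -n "$_ver" ] || { printf 'UNPARSED\n'; return 2; }
  if version_ge "$_ver" "$2"; then _state=OK; else _state=BELOW; fi
  printf '%s libcurl=%s tls=%s\n' "$_state" "$_ver" "$(tls_backend "$1")"
}

check_curl_line "$SAMPLE_OLD" 7.49.0   # constructed "before" line
check_curl_line "$SAMPLE_NEW" 7.49.0   # constructed "after" line
# On a real host: check_curl_line "$(curl --version | head -n 1)" 7.49.0
```

The libcurl field is the one to watch: if it still shows the old version after the upgrade, applications linked against libcurl are still loading the old library.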



🎉 summary:

  • For more references, see here: The Blog of Chan Wing Kai
