ELSA-2015-2159 - curl security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2015-11-23 |
Description
[7.29.0-25.0.1]
- disable check to make build pass
[7.29.0-25]
- fix spurious failure of test 1500 on ppc64le (#1218272)
[7.29.0-24]
- use the default min/max TLS version provided by NSS (#1170339)
- improve handling of timeouts and blocking direction to speed up FTP (#1218272)
[7.29.0-23]
- require credentials to match for NTLM re-use (CVE-2015-3143)
- close Negotiate connections when done (CVE-2015-3148)
[7.29.0-22]
- reject CRLFs in URLs passed to proxy (CVE-2014-8150)
[7.29.0-21]
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
[7.29.0-20]
- eliminate unnecessary delay when resolving host from /etc/hosts (#1130239)
- allow to enable/disable new AES cipher-suites (#1066065)
- call PR_Cleanup() on curl tool exit if NSPR is used (#1071254)
- implement non-blocking TLS handshake (#1091429)
- fix limited connection re-use for unencrypted HTTP (#1101092)
- disable libcurl-level downgrade to SSLv3 (#1154060)
- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161182)
- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1166264)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 7 (x86_64) | curl-7.29.0-25.0.1.el7.src.rpm | 3e4c7a853615832a4de8c97f3dfc9f07 | ELBA-2021-9230 |
| curl-7.29.0-25.0.1.el7.x86_64.rpm | a75dae39fc89468bebdbb8e7d1750fb6 | ELBA-2021-9230 |
| libcurl-7.29.0-25.0.1.el7.i686.rpm | 80ad3c59e814865275311f2b973b089d | ELBA-2021-9230 |
| libcurl-7.29.0-25.0.1.el7.x86_64.rpm | 2ff68235a898934d51e23e142811035f | ELBA-2021-9230 |
| libcurl-devel-7.29.0-25.0.1.el7.i686.rpm | 33af86b5fae7947ce560f34b25ce123f | ELBA-2021-9230 |
| libcurl-devel-7.29.0-25.0.1.el7.x86_64.rpm | e2c9c139639278bb0d6fd4d4c7de8bb0 | ELBA-2021-9230 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
