ELSA-2016-2575 - curl security, bug fix, and enhancement update
Type: SECURITY
Severity: MODERATE
Release Date: 2016-11-09
Description
[7.29.0-35]
- fix incorrect use of a previously loaded certificate from file (related to CVE-2016-5420)
[7.29.0-34]
- acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option (required by the fix for CVE-2016-5419)
[7.29.0-33]
- fix re-using connections with wrong client cert (CVE-2016-5420)
- fix TLS session resumption client cert bypass (CVE-2016-5419)
[7.29.0-32]
- configure: improve detection of GCC's -fvisibility= flag
[7.29.0-31]
- prevent curl_multi_wait() from missing an event (#1347904)
[7.29.0-30]
- curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts (#1305974)
[7.29.0-29]
- SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL (#1275769)
[7.29.0-28]
- prevent NSS from incorrectly re-using a session (#1269855)
- call PR_Cleanup() in the upstream test-suite if NSPR is used (#1243324)
- disable unreliable upstream test-case 2032 (#1241168)
[7.29.0-27]
- SSH: do not require public key file for user authentication (#1275769)
[7.29.0-26]
- implement 'curl --unix-socket' and CURLOPT_UNIX_SOCKET_PATH (#1263318)
- improve parsing of URL-encoded user name and password (#1260178)
- prevent test46 from failing due to expired cookie (#1258834)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (x86_64) | curl-7.29.0-35.el7.src.rpm | e61d00ae3fe23d0722a97bfc397df87e | ELBA-2021-9230 |
| | curl-7.29.0-35.el7.x86_64.rpm | 91fa1b0d275ef2b1abbd696f1b7e0243 | ELBA-2021-9230 |
| | libcurl-7.29.0-35.el7.i686.rpm | 1ec5ce31ac44533895d7165e6acaf2e7 | ELBA-2021-9230 |
| | libcurl-7.29.0-35.el7.x86_64.rpm | 2b067a6bf33bca138f6910e9c98993f5 | ELBA-2021-9230 |
| | libcurl-devel-7.29.0-35.el7.i686.rpm | 9889195b13ea4fbc9f7e18a2732bfc18 | ELBA-2021-9230 |
| | libcurl-devel-7.29.0-35.el7.x86_64.rpm | 29d9b5c0668cc7c8bb9de3842642a466 | ELBA-2021-9230 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.