ELSA-2018-3157

ELSA-2018-3157 - curl and nss-pem security and bug fix update

Type:SECURITY
Impact:MODERATE
Release Date:2018-11-05

Description


curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)


Related CVEs


CVE-2018-1000120
CVE-2018-1000122
CVE-2018-1000007
CVE-2018-1000121
CVE-2018-1000301

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) curl-7.29.0-51.el7.src.rpm2bc330dcd3a96981e6b605f50f3a3cf2288e5249b0a9b259a652d0b04f30afe9ELSA-2023-7743ol7_aarch64_latest
nss-pem-1.0.3-5.el7.src.rpm79f1b0d482168d5096782d14b322a203ba5f0b6d1743896c0b61903162b3d844ELBA-2023-3483ol7_aarch64_latest
curl-7.29.0-51.el7.aarch64.rpm069a216b59b6af00fc84e3b504d8031e9eea4c16d12214f90c1129e9601ae0e2ELSA-2023-7743ol7_aarch64_latest
libcurl-7.29.0-51.el7.aarch64.rpm7f6bc838e1e2173c965424c4fc78f10e295d8e9b0103a460bc3d8887e2d639ddELSA-2023-7743ol7_aarch64_latest
libcurl-devel-7.29.0-51.el7.aarch64.rpm16b5f2b625ae3aa34c9416793ca463738dfd3e2f24508ef4e0a041295e216b75ELSA-2023-7743ol7_aarch64_latest
nss-pem-1.0.3-5.el7.aarch64.rpm19d81de6cfd83e63a1781ef2aa783f15e633273c68ec8eca991cb8c5b6e71f30ELBA-2023-3483ol7_aarch64_latest
Oracle Linux 7 (x86_64) curl-7.29.0-51.el7.src.rpm2bc330dcd3a96981e6b605f50f3a3cf2288e5249b0a9b259a652d0b04f30afe9ELSA-2023-7743ol7_x86_64_latest
curl-7.29.0-51.el7.src.rpm2bc330dcd3a96981e6b605f50f3a3cf2288e5249b0a9b259a652d0b04f30afe9ELSA-2023-7743ol7_x86_64_u6_base
nss-pem-1.0.3-5.el7.src.rpm79f1b0d482168d5096782d14b322a203ba5f0b6d1743896c0b61903162b3d844ELBA-2023-3483ol7_x86_64_latest
nss-pem-1.0.3-5.el7.src.rpm79f1b0d482168d5096782d14b322a203ba5f0b6d1743896c0b61903162b3d844ELBA-2023-3483ol7_x86_64_u6_base
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743exadata_dbserver_19.1.1.0.0_x86_64_base
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743exadata_dbserver_19.1.2.0.0_x86_64_base
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743exadata_dbserver_19.2.0.0.0_x86_64_base
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743exadata_dbserver_19.2.1.0.0_x86_64_base
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743exadata_dbserver_19.2.2.0.0_x86_64_base
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743ol7_x86_64_latest
curl-7.29.0-51.el7.x86_64.rpm20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8ELSA-2023-7743ol7_x86_64_u6_base
libcurl-7.29.0-51.el7.i686.rpmfd2ff81d556637bdc93a4fceab96bfff0d80fb433800e0cb4b6982e35fb59fe1ELSA-2023-7743ol7_x86_64_latest
libcurl-7.29.0-51.el7.i686.rpmfd2ff81d556637bdc93a4fceab96bfff0d80fb433800e0cb4b6982e35fb59fe1ELSA-2023-7743ol7_x86_64_u6_base
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743exadata_dbserver_19.1.1.0.0_x86_64_base
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743exadata_dbserver_19.1.2.0.0_x86_64_base
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743exadata_dbserver_19.2.0.0.0_x86_64_base
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743exadata_dbserver_19.2.1.0.0_x86_64_base
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743exadata_dbserver_19.2.2.0.0_x86_64_base
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743ol7_x86_64_latest
libcurl-7.29.0-51.el7.x86_64.rpm6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843aELSA-2023-7743ol7_x86_64_u6_base
libcurl-devel-7.29.0-51.el7.i686.rpma29cab854f51054c3925329dac8057b9037770ace5936746dafbdc84c091cf78ELSA-2023-7743ol7_x86_64_latest
libcurl-devel-7.29.0-51.el7.i686.rpma29cab854f51054c3925329dac8057b9037770ace5936746dafbdc84c091cf78ELSA-2023-7743ol7_x86_64_u6_base
libcurl-devel-7.29.0-51.el7.x86_64.rpm4ad67c5aede3d813bdeacf424bee3886f6f6a5b2658595ffe053f22743dd43d5ELSA-2023-7743ol7_x86_64_latest
libcurl-devel-7.29.0-51.el7.x86_64.rpm4ad67c5aede3d813bdeacf424bee3886f6f6a5b2658595ffe053f22743dd43d5ELSA-2023-7743ol7_x86_64_u6_base
nss-pem-1.0.3-5.el7.i686.rpm5909915276427301e7ab70f5c0c6690bd1a81ed03f12c40c08c7d39a1c7021baELBA-2023-3483ol7_x86_64_latest
nss-pem-1.0.3-5.el7.i686.rpm5909915276427301e7ab70f5c0c6690bd1a81ed03f12c40c08c7d39a1c7021baELBA-2023-3483ol7_x86_64_u6_base
nss-pem-1.0.3-5.el7.x86_64.rpmf9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362ELBA-2023-3483exadata_dbserver_19.1.1.0.0_x86_64_base
nss-pem-1.0.3-5.el7.x86_64.rpmf9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362ELBA-2023-3483exadata_dbserver_19.1.2.0.0_x86_64_base
nss-pem-1.0.3-5.el7.x86_64.rpmf9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362ELBA-2023-3483exadata_dbserver_19.2.0.0.0_x86_64_base
nss-pem-1.0.3-5.el7.x86_64.rpmf9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362ELBA-2023-3483ol7_x86_64_latest
nss-pem-1.0.3-5.el7.x86_64.rpmf9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362ELBA-2023-3483ol7_x86_64_u6_base



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete