ELSA-2018-3157

ULN >
Oracle Linux Errata repository >
ELSA-2018-3157

ELSA-2018-3157 - curl and nss-pem security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2018-11-05

Description

curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-51.el7.src.rpm	2bc330dcd3a96981e6b605f50f3a3cf2288e5249b0a9b259a652d0b04f30afe9	ELSA-2023-7743	ol7_aarch64_latest
	nss-pem-1.0.3-5.el7.src.rpm	79f1b0d482168d5096782d14b322a203ba5f0b6d1743896c0b61903162b3d844	ELBA-2023-3483	ol7_aarch64_latest
	curl-7.29.0-51.el7.aarch64.rpm	069a216b59b6af00fc84e3b504d8031e9eea4c16d12214f90c1129e9601ae0e2	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-7.29.0-51.el7.aarch64.rpm	7f6bc838e1e2173c965424c4fc78f10e295d8e9b0103a460bc3d8887e2d639dd	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-devel-7.29.0-51.el7.aarch64.rpm	16b5f2b625ae3aa34c9416793ca463738dfd3e2f24508ef4e0a041295e216b75	ELSA-2023-7743	ol7_aarch64_latest
	nss-pem-1.0.3-5.el7.aarch64.rpm	19d81de6cfd83e63a1781ef2aa783f15e633273c68ec8eca991cb8c5b6e71f30	ELBA-2023-3483	ol7_aarch64_latest

Oracle Linux 7 (x86_64)	curl-7.29.0-51.el7.src.rpm	2bc330dcd3a96981e6b605f50f3a3cf2288e5249b0a9b259a652d0b04f30afe9	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-51.el7.src.rpm	2bc330dcd3a96981e6b605f50f3a3cf2288e5249b0a9b259a652d0b04f30afe9	ELSA-2023-7743	ol7_x86_64_u6_base
	nss-pem-1.0.3-5.el7.src.rpm	79f1b0d482168d5096782d14b322a203ba5f0b6d1743896c0b61903162b3d844	ELBA-2023-3483	ol7_x86_64_latest
	nss-pem-1.0.3-5.el7.src.rpm	79f1b0d482168d5096782d14b322a203ba5f0b6d1743896c0b61903162b3d844	ELBA-2023-3483	ol7_x86_64_u6_base
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	exadata_dbserver_19.1.1.0.0_x86_64_base
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	exadata_dbserver_19.1.2.0.0_x86_64_base
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	exadata_dbserver_19.2.0.0.0_x86_64_base
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	exadata_dbserver_19.2.1.0.0_x86_64_base
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	exadata_dbserver_19.2.2.0.0_x86_64_base
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-51.el7.x86_64.rpm	20382fa4b957704598735880e778e3e2d11f7ecf7b0a79983144dcb73ab50df8	ELSA-2023-7743	ol7_x86_64_u6_base
	libcurl-7.29.0-51.el7.i686.rpm	fd2ff81d556637bdc93a4fceab96bfff0d80fb433800e0cb4b6982e35fb59fe1	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-51.el7.i686.rpm	fd2ff81d556637bdc93a4fceab96bfff0d80fb433800e0cb4b6982e35fb59fe1	ELSA-2023-7743	ol7_x86_64_u6_base
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	exadata_dbserver_19.1.1.0.0_x86_64_base
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	exadata_dbserver_19.1.2.0.0_x86_64_base
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	exadata_dbserver_19.2.0.0.0_x86_64_base
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	exadata_dbserver_19.2.1.0.0_x86_64_base
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	exadata_dbserver_19.2.2.0.0_x86_64_base
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-51.el7.x86_64.rpm	6e569d892b4686229abe426db0e58127a2d35ac88931dd04d99d1ac2aa90843a	ELSA-2023-7743	ol7_x86_64_u6_base
	libcurl-devel-7.29.0-51.el7.i686.rpm	a29cab854f51054c3925329dac8057b9037770ace5936746dafbdc84c091cf78	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-51.el7.i686.rpm	a29cab854f51054c3925329dac8057b9037770ace5936746dafbdc84c091cf78	ELSA-2023-7743	ol7_x86_64_u6_base
	libcurl-devel-7.29.0-51.el7.x86_64.rpm	4ad67c5aede3d813bdeacf424bee3886f6f6a5b2658595ffe053f22743dd43d5	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-51.el7.x86_64.rpm	4ad67c5aede3d813bdeacf424bee3886f6f6a5b2658595ffe053f22743dd43d5	ELSA-2023-7743	ol7_x86_64_u6_base
	nss-pem-1.0.3-5.el7.i686.rpm	5909915276427301e7ab70f5c0c6690bd1a81ed03f12c40c08c7d39a1c7021ba	ELBA-2023-3483	ol7_x86_64_latest
	nss-pem-1.0.3-5.el7.i686.rpm	5909915276427301e7ab70f5c0c6690bd1a81ed03f12c40c08c7d39a1c7021ba	ELBA-2023-3483	ol7_x86_64_u6_base
	nss-pem-1.0.3-5.el7.x86_64.rpm	f9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362	ELBA-2023-3483	exadata_dbserver_19.1.1.0.0_x86_64_base
	nss-pem-1.0.3-5.el7.x86_64.rpm	f9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362	ELBA-2023-3483	exadata_dbserver_19.1.2.0.0_x86_64_base
	nss-pem-1.0.3-5.el7.x86_64.rpm	f9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362	ELBA-2023-3483	exadata_dbserver_19.2.0.0.0_x86_64_base
	nss-pem-1.0.3-5.el7.x86_64.rpm	f9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362	ELBA-2023-3483	ol7_x86_64_latest
	nss-pem-1.0.3-5.el7.x86_64.rpm	f9f70596c3f08eacf4b276ac4fef054a73b3183ca5b6a721abc04b72e0f82362	ELBA-2023-3483	ol7_x86_64_u6_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691