ELSA-2019-1880

ULN >
Oracle Linux Errata repository >
ELSA-2019-1880

ELSA-2019-1880 - curl security and bug fix update

Type:	SECURITY
Impact:	LOW
Release Date:	2019-07-30

Description

[7.29.0-51.0.1.el7_6.3]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)

[7.29.0-51.el7_6.3]
- fix NTLM password overflow via integer overflow (CVE-2018-14618)

[7.29.0-51.el7_6.2]
- prevent curl --rate-limit from crashing on https URLs (#1683292)

[7.29.0-51.el7_6.1]
- prevent curl --rate-limit from hanging on file URLs (#1281969)

Related CVEs

CVE-2018-14618

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-51.0.1.el7_6.3.src.rpm	9498408b05bd051183ef3ac2f3564ca70e9fc2773ed11effc8710333a06d4d79	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-51.0.1.el7_6.3.aarch64.rpm	71dcb6d5c39d94812fd7c757cab39276f688f54555c49b49a3c48658481f963a	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-7.29.0-51.0.1.el7_6.3.aarch64.rpm	bad280e49ecbf299af607aeab799e0a533d19df4f76268f0bd41a2d67b8daaa6	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-devel-7.29.0-51.0.1.el7_6.3.aarch64.rpm	6238f68a6726b88e6460655d0b10dd2b62dfbf7da063c35d590fcb6e7a63a459	ELSA-2023-7743	ol7_aarch64_latest

Oracle Linux 7 (x86_64)	curl-7.29.0-51.0.1.el7_6.3.src.rpm	9498408b05bd051183ef3ac2f3564ca70e9fc2773ed11effc8710333a06d4d79	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-51.0.1.el7_6.3.src.rpm	9498408b05bd051183ef3ac2f3564ca70e9fc2773ed11effc8710333a06d4d79	ELSA-2023-7743	ol7_x86_64_u6_patch
	curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	eeec028de4ed6dec4f3dbc2e95ff0cb91904d7cac4f1d22a1bb898f7685ddec6	ELSA-2023-7743	exadata_dbserver_19.2.5.0.0_x86_64_base
	curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	eeec028de4ed6dec4f3dbc2e95ff0cb91904d7cac4f1d22a1bb898f7685ddec6	ELSA-2023-7743	exadata_dbserver_19.2.6.0.0_x86_64_base
	curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	eeec028de4ed6dec4f3dbc2e95ff0cb91904d7cac4f1d22a1bb898f7685ddec6	ELSA-2023-7743	exadata_dbserver_19.2.7.0.0_x86_64_base
	curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	eeec028de4ed6dec4f3dbc2e95ff0cb91904d7cac4f1d22a1bb898f7685ddec6	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	eeec028de4ed6dec4f3dbc2e95ff0cb91904d7cac4f1d22a1bb898f7685ddec6	ELSA-2023-7743	ol7_x86_64_u6_patch
	libcurl-7.29.0-51.0.1.el7_6.3.i686.rpm	53c089ab604ce0d764f03e1a1a4e904c7bba54951dd0d3cbd9c8e89126a3ab8d	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-51.0.1.el7_6.3.i686.rpm	53c089ab604ce0d764f03e1a1a4e904c7bba54951dd0d3cbd9c8e89126a3ab8d	ELSA-2023-7743	ol7_x86_64_u6_patch
	libcurl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	4d37d17158e6fdbb94b0643b70c857be7be1fb7e6d39b1dd18d4a5e5bffc2609	ELSA-2023-7743	exadata_dbserver_19.2.5.0.0_x86_64_base
	libcurl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	4d37d17158e6fdbb94b0643b70c857be7be1fb7e6d39b1dd18d4a5e5bffc2609	ELSA-2023-7743	exadata_dbserver_19.2.6.0.0_x86_64_base
	libcurl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	4d37d17158e6fdbb94b0643b70c857be7be1fb7e6d39b1dd18d4a5e5bffc2609	ELSA-2023-7743	exadata_dbserver_19.2.7.0.0_x86_64_base
	libcurl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	4d37d17158e6fdbb94b0643b70c857be7be1fb7e6d39b1dd18d4a5e5bffc2609	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-51.0.1.el7_6.3.x86_64.rpm	4d37d17158e6fdbb94b0643b70c857be7be1fb7e6d39b1dd18d4a5e5bffc2609	ELSA-2023-7743	ol7_x86_64_u6_patch
	libcurl-devel-7.29.0-51.0.1.el7_6.3.i686.rpm	ad5cc07a10e6df88fcfb13a35763a6e5222b247361075ed2c6166430ea7cf191	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-51.0.1.el7_6.3.i686.rpm	ad5cc07a10e6df88fcfb13a35763a6e5222b247361075ed2c6166430ea7cf191	ELSA-2023-7743	ol7_x86_64_u6_patch
	libcurl-devel-7.29.0-51.0.1.el7_6.3.x86_64.rpm	0867a9ad89cb3dbaf01f3a8bb12b62572dbd79b8a50e1341ce243a2cd35cdadb	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-51.0.1.el7_6.3.x86_64.rpm	0867a9ad89cb3dbaf01f3a8bb12b62572dbd79b8a50e1341ce243a2cd35cdadb	ELSA-2023-7743	ol7_x86_64_u6_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691