ELSA-2020-5002

ULN >
Oracle Linux Errata repository >
ELSA-2020-5002

ELSA-2020-5002 - curl security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-11-12

Description

[7.29.0-59.0.1.1]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.1]
- avoid overwriting a local file with -J (CVE-2020-8177)

Related CVEs

CVE-2020-8177

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-59.0.1.el7_9.1.src.rpm	ac6c32340cea13fd613d9ac3a173d4b210cf826277ff0fde7b8eab592d706407	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-59.0.1.el7_9.1.src.rpm	ac6c32340cea13fd613d9ac3a173d4b210cf826277ff0fde7b8eab592d706407	ELSA-2023-7743	ol7_aarch64_u9_patch
	curl-7.29.0-59.0.1.el7_9.1.aarch64.rpm	3558e048fe254b238581cd58044d59126567b22f79f3f99327a1102920e39a9f	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-59.0.1.el7_9.1.aarch64.rpm	3558e048fe254b238581cd58044d59126567b22f79f3f99327a1102920e39a9f	ELSA-2023-7743	ol7_aarch64_u9_patch
	libcurl-7.29.0-59.0.1.el7_9.1.aarch64.rpm	3e64bd42a03bd29cec2d290803f6d40e0d1fcb41ee7c24a50a2c65c6312e9a2b	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-7.29.0-59.0.1.el7_9.1.aarch64.rpm	3e64bd42a03bd29cec2d290803f6d40e0d1fcb41ee7c24a50a2c65c6312e9a2b	ELSA-2023-7743	ol7_aarch64_u9_patch
	libcurl-devel-7.29.0-59.0.1.el7_9.1.aarch64.rpm	a75bec05c53062e60cb4cf18a8982b4a30779b6e386f2a291dd2cc1b2d15a725	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-devel-7.29.0-59.0.1.el7_9.1.aarch64.rpm	a75bec05c53062e60cb4cf18a8982b4a30779b6e386f2a291dd2cc1b2d15a725	ELSA-2023-7743	ol7_aarch64_u9_patch

Oracle Linux 7 (x86_64)	curl-7.29.0-59.0.1.el7_9.1.src.rpm	ac6c32340cea13fd613d9ac3a173d4b210cf826277ff0fde7b8eab592d706407	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-59.0.1.el7_9.1.src.rpm	ac6c32340cea13fd613d9ac3a173d4b210cf826277ff0fde7b8eab592d706407	ELSA-2023-7743	ol7_x86_64_u9_patch
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.2.21.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.2.22.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.3.15.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.3.16.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.3.17.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.3.18.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_19.3.19.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_20.1.10.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_20.1.5.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_20.1.6.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_20.1.7.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_20.1.8.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_20.1.9.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	exadata_dbserver_21.2.0.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d486e47462872832806d971d4860e6e0f7e50742bc351eac675fd986c722f9e1	ELSA-2023-7743	ol7_x86_64_u9_patch
	libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm	253b61b3999199b41e6ea3a12be7c8b4f82dd1f9bb0a6abb5435ab7d6b116f50	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm	253b61b3999199b41e6ea3a12be7c8b4f82dd1f9bb0a6abb5435ab7d6b116f50	ELSA-2023-7743	ol7_x86_64_u9_patch
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.2.21.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.2.22.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.3.15.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.3.16.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.3.17.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.3.18.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_19.3.19.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_20.1.10.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_20.1.5.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_20.1.6.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_20.1.7.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_20.1.8.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_20.1.9.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	exadata_dbserver_21.2.0.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	94640a6853b50e2f0ae4c7b32c635c98a6b7df4c534b45f93cbac9671b799b39	ELSA-2023-7743	ol7_x86_64_u9_patch
	libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm	fd75a790af4a8f02835fedaba0fc3efc214d08d7aa891f10fe9230740ebc3898	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm	fd75a790af4a8f02835fedaba0fc3efc214d08d7aa891f10fe9230740ebc3898	ELSA-2023-7743	ol7_x86_64_u9_patch
	libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm	11dfc1e2a5498144d4d2c5a48a5e108446dbbdba97b34ec12cb9e640fbbaa1fc	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm	11dfc1e2a5498144d4d2c5a48a5e108446dbbdba97b34ec12cb9e640fbbaa1fc	ELSA-2023-7743	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691