ELSA-2024-1601

ULN >
Oracle Linux Errata repository >
ELSA-2024-1601

ELSA-2024-1601 - curl security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-04-03

Description

[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)

Related CVEs

CVE-2023-38546

CVE-2023-28322

CVE-2023-46218

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	curl-7.61.1-33.el8_9.5.src.rpm	8e39e6a4d9533662edb38e77a75867eb	-	ol8_aarch64_baseos_latest
	curl-7.61.1-33.el8_9.5.src.rpm	8e39e6a4d9533662edb38e77a75867eb	-	ol8_aarch64_u9_baseos_patch
	curl-7.61.1-33.el8_9.5.aarch64.rpm	6a620c19586b1df09a91fc02f3d8120c	-	ol8_aarch64_baseos_latest
	curl-7.61.1-33.el8_9.5.aarch64.rpm	6a620c19586b1df09a91fc02f3d8120c	-	ol8_aarch64_u9_baseos_patch
	libcurl-7.61.1-33.el8_9.5.aarch64.rpm	dab14f6edb9d3152704ccf1d820ac1a0	-	ol8_aarch64_baseos_latest
	libcurl-7.61.1-33.el8_9.5.aarch64.rpm	dab14f6edb9d3152704ccf1d820ac1a0	-	ol8_aarch64_u9_baseos_patch
	libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm	c48ac20dbfeeca6a5899d7ef647c3524	-	ol8_aarch64_baseos_latest
	libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm	c48ac20dbfeeca6a5899d7ef647c3524	-	ol8_aarch64_u9_baseos_patch
	libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm	d1fa4fb55ab4a3151df996601b2bb129	-	ol8_aarch64_baseos_latest
	libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm	d1fa4fb55ab4a3151df996601b2bb129	-	ol8_aarch64_u9_baseos_patch

Oracle Linux 8 (x86_64)	curl-7.61.1-33.el8_9.5.src.rpm	8e39e6a4d9533662edb38e77a75867eb	-	ol8_x86_64_baseos_latest
	curl-7.61.1-33.el8_9.5.src.rpm	8e39e6a4d9533662edb38e77a75867eb	-	ol8_x86_64_u9_baseos_patch
	curl-7.61.1-33.el8_9.5.x86_64.rpm	6b2f8e56b763ccc9c0850da9b8cc1b07	-	ol8_x86_64_baseos_latest
	curl-7.61.1-33.el8_9.5.x86_64.rpm	6b2f8e56b763ccc9c0850da9b8cc1b07	-	ol8_x86_64_u9_baseos_patch
	libcurl-7.61.1-33.el8_9.5.i686.rpm	cbd9dbd3c8d726f992d5e5bd5a844680	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-33.el8_9.5.i686.rpm	cbd9dbd3c8d726f992d5e5bd5a844680	-	ol8_x86_64_u9_baseos_patch
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	96ddb22f3689fb95289b9ce0ca7024b6	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	96ddb22f3689fb95289b9ce0ca7024b6	-	ol8_x86_64_u9_baseos_patch
	libcurl-devel-7.61.1-33.el8_9.5.i686.rpm	07cbc4cace38ff36aeffab9626d08de1	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-33.el8_9.5.i686.rpm	07cbc4cace38ff36aeffab9626d08de1	-	ol8_x86_64_u9_baseos_patch
	libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm	30d26dd645a00dedbe9ce6f86d6ee51e	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm	30d26dd645a00dedbe9ce6f86d6ee51e	-	ol8_x86_64_u9_baseos_patch
	libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm	8f0f047d7b54b8225500f5cc9957f6db	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm	8f0f047d7b54b8225500f5cc9957f6db	-	ol8_x86_64_u9_baseos_patch
	libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm	46c3018cb3ff03854ac1f5c72f95e09b	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm	46c3018cb3ff03854ac1f5c72f95e09b	-	ol8_x86_64_u9_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691