ELBA-2019-3971

ELBA-2019-3971 - curl bug fix update

Type: BUG
Severity: NA
Release Date: 2019-11-27

Description


[7.29.0-54.0.1.el7_7.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)

[7.29.0-54.el7_7.1]
- fix auth failure with duplicated WWW-Authenticate header (#1754736)




Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 7 (aarch64) | curl-7.29.0-54.0.1.el7_7.1.src.rpm | 8c90be2d6648f6b64da02c9a65aac12f | - |
| | curl-7.29.0-54.0.1.el7_7.1.aarch64.rpm | 91dbb69d80bc3ee88bafe28a6305847d | - |
| | libcurl-7.29.0-54.0.1.el7_7.1.aarch64.rpm | 9e992a81fb7d72bdb336183c212dd1f0 | - |
| | libcurl-devel-7.29.0-54.0.1.el7_7.1.aarch64.rpm | 9694e2295df080598cfbcfef485a4cb3 | - |
| Oracle Linux 7 (x86_64) | curl-7.29.0-54.0.1.el7_7.1.src.rpm | 8c90be2d6648f6b64da02c9a65aac12f | - |
| | curl-7.29.0-54.0.1.el7_7.1.x86_64.rpm | 5c67f04da82304d1d86b3b02172e59e1 | - |
| | libcurl-7.29.0-54.0.1.el7_7.1.i686.rpm | d7b6f55bf42a5eb4f75e2198271d150c | - |
| | libcurl-7.29.0-54.0.1.el7_7.1.x86_64.rpm | ae8d977cffc6d9c3a5b4457fde44a30d | - |
| | libcurl-devel-7.29.0-54.0.1.el7_7.1.i686.rpm | 00abba45aecd5113d310432bf7d4f22f | - |
| | libcurl-devel-7.29.0-54.0.1.el7_7.1.x86_64.rpm | fce0ad01b5e214d66145a310ce21761c | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
