ELBA-2019-4253

ELBA-2019-4253 - curl bug fix update

Type: BUG
Severity: NA
Release Date: 2019-12-18

Description


[7.19.7-54.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- use PK11_CreateManagedGenericObject in libcurl to prevent memory leak [orabug 28666473]

[7.19.7-54]
- fix auth failure with duplicated WWW-Authenticate header (#1757643)




Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | curl-7.19.7-54.0.1.el6_10.src.rpm | a6b8579988f855fd6bf605e7c3013d23 | - |
| | curl-7.19.7-54.0.1.el6_10.i686.rpm | ccdc6fccbdbcc2352963f5a8bafda610 | - |
| | libcurl-7.19.7-54.0.1.el6_10.i686.rpm | aa64f605301f14b4ee6ef1d8f04ea1e5 | - |
| | libcurl-devel-7.19.7-54.0.1.el6_10.i686.rpm | ad49d8b6804ef71c4340d7daef1fd16f | - |
| Oracle Linux 6 (x86_64) | curl-7.19.7-54.0.1.el6_10.src.rpm | a6b8579988f855fd6bf605e7c3013d23 | - |
| | curl-7.19.7-54.0.1.el6_10.x86_64.rpm | 7f4f14e0dbd38966a4884e6d0cafa6d2 | - |
| | libcurl-7.19.7-54.0.1.el6_10.i686.rpm | aa64f605301f14b4ee6ef1d8f04ea1e5 | - |
| | libcurl-7.19.7-54.0.1.el6_10.x86_64.rpm | 67ff72fb16aa2756d2cb62862b1aee57 | - |
| | libcurl-devel-7.19.7-54.0.1.el6_10.i686.rpm | ad49d8b6804ef71c4340d7daef1fd16f | - |
| | libcurl-devel-7.19.7-54.0.1.el6_10.x86_64.rpm | f1fd5ae3a7a001c8ba92038fd1d6afbf | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
