ELBA-2020-0372

ELBA-2020-0372 - curl bug fix update

Type:BUG
Severity:NA
Release Date:2020-02-05

Description


[7.29.0-54.0.3.el7_7.2]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)

[7.29.0-54.el7_7.2]
- allow curl to POST from a char device (#1769307)




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) curl-7.29.0-54.0.3.el7_7.2.src.rpm15dae94d4cfd29fc58d786500f79300b-
curl-7.29.0-54.0.3.el7_7.2.aarch64.rpm542b75de05c0dd2d2152cca8a713a492-
libcurl-7.29.0-54.0.3.el7_7.2.aarch64.rpm5ab0e17591ec201f9302b2376a936267-
libcurl-devel-7.29.0-54.0.3.el7_7.2.aarch64.rpm23031892ec35d64c75084fdab58c556a-
Oracle Linux 7 (x86_64) curl-7.29.0-54.0.3.el7_7.2.src.rpm15dae94d4cfd29fc58d786500f79300b-
curl-7.29.0-54.0.3.el7_7.2.x86_64.rpmbaa620352a35f8b9e663f0821eddbe50-
libcurl-7.29.0-54.0.1.el7_7.2.i686.rpm048f5f1772a764cc3b214ac170acee24-
libcurl-7.29.0-54.0.1.el7_7.2.x86_64.rpm0abff3a0cfe3ae22c4a42096933490d4-
libcurl-7.29.0-54.0.3.el7_7.2.i686.rpm1e5a93e41225e4ac2640318500d0801e-
libcurl-7.29.0-54.0.3.el7_7.2.x86_64.rpm46d743cd7d9c3a56d495bba3cfc6a3a0-
libcurl-devel-7.29.0-54.0.1.el7_7.2.i686.rpm46ad55d6d643cb9766551be018fe672a-
libcurl-devel-7.29.0-54.0.1.el7_7.2.x86_64.rpme7c35c4352e106456c6b6a4ad66fa28a-
libcurl-devel-7.29.0-54.0.3.el7_7.2.i686.rpme601cbea5db7033d1ada1d5c214cb08b-
libcurl-devel-7.29.0-54.0.3.el7_7.2.x86_64.rpmaa63dbc300b548dfa871d5d8baeab597-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete