ELSA-2015-1254

ULN >
Oracle Linux Errata repository >
ELSA-2015-1254

ELSA-2015-1254 - curl security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2015-07-28

Description

[7.19.7-46]
- require credentials to match for NTLM re-use (CVE-2015-3143)
- close Negotiate connections when done (CVE-2015-3148)

[7.19.7-45]
- reject CRLFs in URLs passed to proxy (CVE-2014-8150)

[7.19.7-44]
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)

[7.19.7-43]
- fix manpage typos found using aspell (#1011101)
- fix comments about loading CA certs with NSS in man pages (#1011083)
- fix handling of DNS cache timeout while a transfer is in progress (#835898)
- eliminate unnecessary inotify events on upload via file protocol (#883002)
- use correct socket type in the examples (#997185)
- do not crash if MD5 fingerprint is not provided by libssh2 (#1008178)
- fix SIGSEGV of curl --retry when network is down (#1009455)
- allow to use TLS 1.1 and TLS 1.2 (#1012136)
- docs: update the links to cipher-suites supported by NSS (#1104160)
- allow to use ECC ciphers if NSS implements them (#1058767)
- make curl --trace-time print correct time (#1120196)
- let tool call PR_Cleanup() on exit if NSPR is used (#1146528)
- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747)
- allow to enable/disable new AES cipher-suites (#1156422)
- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163)
- disable libcurl-level downgrade to SSLv3 (#1154059)

[7.19.7-42]
- do not force connection close after failed HEAD request (#1168137)
- fix occasional SIGSEGV during SSL handshake (#1168668)

[7.19.7-41]
- fix a connection failure when FTPS handle is reused (#1154663)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 6 (i386)	curl-7.19.7-46.el6.src.rpm	7d3c906006aa577b486e920914fa2f7b6b91e371c91abab173e9dcf77767764b	ELSA-2020-5561	ol6_i386_latest_archive
	curl-7.19.7-46.el6.src.rpm	7d3c906006aa577b486e920914fa2f7b6b91e371c91abab173e9dcf77767764b	ELSA-2020-5561	ol6_u7_i386_base
	curl-7.19.7-46.el6.i686.rpm	254a7694e2d4b69a0fdf59c48439767465e9d9a6369286e3d7a3fa691158e8df	ELSA-2020-5561	ol6_i386_latest_archive
	curl-7.19.7-46.el6.i686.rpm	254a7694e2d4b69a0fdf59c48439767465e9d9a6369286e3d7a3fa691158e8df	ELSA-2020-5561	ol6_u7_i386_base
	libcurl-7.19.7-46.el6.i686.rpm	3ef0874b8210821b99e4b1cb9a8d0c2758f43e3f2fc4841ba747f3da7ea80bb3	ELSA-2020-5561	ol6_i386_latest_archive
	libcurl-7.19.7-46.el6.i686.rpm	3ef0874b8210821b99e4b1cb9a8d0c2758f43e3f2fc4841ba747f3da7ea80bb3	ELSA-2020-5561	ol6_u7_i386_base
	libcurl-devel-7.19.7-46.el6.i686.rpm	3819ebec4d310d5626db35ca625b5cd86057b072d9713ed71798d2f73b8ee2f3	ELSA-2020-5561	ol6_i386_latest_archive
	libcurl-devel-7.19.7-46.el6.i686.rpm	3819ebec4d310d5626db35ca625b5cd86057b072d9713ed71798d2f73b8ee2f3	ELSA-2020-5561	ol6_u7_i386_base

Oracle Linux 6 (x86_64)	curl-7.19.7-46.el6.src.rpm	7d3c906006aa577b486e920914fa2f7b6b91e371c91abab173e9dcf77767764b	ELSA-2020-5561	ol6_u7_x86_64_base
	curl-7.19.7-46.el6.src.rpm	7d3c906006aa577b486e920914fa2f7b6b91e371c91abab173e9dcf77767764b	ELSA-2020-5561	ol6_x86_64_latest_archive
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	exadata_dbserver_12.1.2.1.3_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	exadata_dbserver_12.1.2.2.0_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	exadata_dbserver_12.1.2.2.1_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	exadata_dbserver_12.1.2.2.2_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	exadata_dbserver_12.1.2.3.0_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	exadata_dbserver_12.1.2.3.1_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	ol6_u7_x86_64_base
	curl-7.19.7-46.el6.x86_64.rpm	8ac607f222c0eb8d05188420cef1fcc844d22dc39063eb7faf92f51613f79420	ELSA-2020-5561	ol6_x86_64_latest_archive
	libcurl-7.19.7-46.el6.i686.rpm	3ef0874b8210821b99e4b1cb9a8d0c2758f43e3f2fc4841ba747f3da7ea80bb3	ELSA-2020-5561	ol6_u7_x86_64_base
	libcurl-7.19.7-46.el6.i686.rpm	3ef0874b8210821b99e4b1cb9a8d0c2758f43e3f2fc4841ba747f3da7ea80bb3	ELSA-2020-5561	ol6_x86_64_latest_archive
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	exadata_dbserver_12.1.2.1.3_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	exadata_dbserver_12.1.2.2.0_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	exadata_dbserver_12.1.2.2.1_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	exadata_dbserver_12.1.2.2.2_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	exadata_dbserver_12.1.2.3.0_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	exadata_dbserver_12.1.2.3.1_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	ol6_u7_x86_64_base
	libcurl-7.19.7-46.el6.x86_64.rpm	f2695e11ac28e3723460edaf355ae11560f3b763e30465aac2eecaabd8b75523	ELSA-2020-5561	ol6_x86_64_latest_archive
	libcurl-devel-7.19.7-46.el6.i686.rpm	3819ebec4d310d5626db35ca625b5cd86057b072d9713ed71798d2f73b8ee2f3	ELSA-2020-5561	ol6_u7_x86_64_base
	libcurl-devel-7.19.7-46.el6.i686.rpm	3819ebec4d310d5626db35ca625b5cd86057b072d9713ed71798d2f73b8ee2f3	ELSA-2020-5561	ol6_x86_64_latest_archive
	libcurl-devel-7.19.7-46.el6.x86_64.rpm	263bb32da6051c8e63305731495bab12e7222a8d33d0eaa9e99488bc7940244c	ELSA-2020-5561	ol6_u7_x86_64_base
	libcurl-devel-7.19.7-46.el6.x86_64.rpm	263bb32da6051c8e63305731495bab12e7222a8d33d0eaa9e99488bc7940244c	ELSA-2020-5561	ol6_x86_64_latest_archive

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691