ELSA-2015-1254
- ULN >
- Oracle Linux Errata repository >
- ELSA-2015-1254
ELSA-2015-1254 - curl security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2015-07-28 |
Description
[7.19.7-46]
- require credentials to match for NTLM re-use (CVE-2015-3143)
- close Negotiate connections when done (CVE-2015-3148)
[7.19.7-45]
- reject CRLFs in URLs passed to proxy (CVE-2014-8150)
[7.19.7-44]
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
[7.19.7-43]
- fix manpage typos found using aspell (#1011101)
- fix comments about loading CA certs with NSS in man pages (#1011083)
- fix handling of DNS cache timeout while a transfer is in progress (#835898)
- eliminate unnecessary inotify events on upload via file protocol (#883002)
- use correct socket type in the examples (#997185)
- do not crash if MD5 fingerprint is not provided by libssh2 (#1008178)
- fix SIGSEGV of curl --retry when network is down (#1009455)
- allow to use TLS 1.1 and TLS 1.2 (#1012136)
- docs: update the links to cipher-suites supported by NSS (#1104160)
- allow to use ECC ciphers if NSS implements them (#1058767)
- make curl --trace-time print correct time (#1120196)
- let tool call PR_Cleanup() on exit if NSPR is used (#1146528)
- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747)
- allow to enable/disable new AES cipher-suites (#1156422)
- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163)
- disable libcurl-level downgrade to SSLv3 (#1154059)
[7.19.7-42]
- do not force connection close after failed HEAD request (#1168137)
- fix occasional SIGSEGV during SSL handshake (#1168668)
[7.19.7-41]
- fix a connection failure when FTPS handle is reused (#1154663)
Related CVEs
| CVE-2014-3613 |
| CVE-2014-3707 |
| CVE-2014-8150 |
| CVE-2015-3143 |
| CVE-2015-3148 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 6 (i386) | curl-7.19.7-46.el6.src.rpm | 16c01e23c7d3ce3fd8e6d4af40c22054 | ELSA-2020-5561 |
| curl-7.19.7-46.el6.i686.rpm | fe362a96ebdd5107e879228874c6f153 | ELSA-2020-5561 | |
| libcurl-7.19.7-46.el6.i686.rpm | 2fd25492f99301691ae7df30461e15ae | ELSA-2020-5561 | |
| libcurl-devel-7.19.7-46.el6.i686.rpm | 12e45d78b587779617ace0488ef24f3a | ELSA-2020-5561 | |
| Oracle Linux 6 (x86_64) | curl-7.19.7-46.el6.src.rpm | 16c01e23c7d3ce3fd8e6d4af40c22054 | ELSA-2020-5561 |
| curl-7.19.7-46.el6.x86_64.rpm | 269758dfe24de153ee27352f0f34f561 | ELSA-2020-5561 | |
| libcurl-7.19.7-46.el6.i686.rpm | 2fd25492f99301691ae7df30461e15ae | ELSA-2020-5561 | |
| libcurl-7.19.7-46.el6.x86_64.rpm | fc98f455980f786095950b014a6b3bab | ELSA-2020-5561 | |
| libcurl-devel-7.19.7-46.el6.i686.rpm | 12e45d78b587779617ace0488ef24f3a | ELSA-2020-5561 | |
| libcurl-devel-7.19.7-46.el6.x86_64.rpm | 389c71138be361e5f6eb009357ff7719 | ELSA-2020-5561 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
