ELSA-2015-2159

ULN >
Oracle Linux Errata repository >
ELSA-2015-2159

ELSA-2015-2159 - curl security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2015-11-23

Description

[7.29.0-25.0.1]
- disable check to make build pass

[7.29.0-25]
- fix spurious failure of test 1500 on ppc64le (#1218272)

[7.29.0-24]
- use the default min/max TLS version provided by NSS (#1170339)
- improve handling of timeouts and blocking direction to speed up FTP (#1218272)

[7.29.0-23]
- require credentials to match for NTLM re-use (CVE-2015-3143)
- close Negotiate connections when done (CVE-2015-3148)

[7.29.0-22]
- reject CRLFs in URLs passed to proxy (CVE-2014-8150)

[7.29.0-21]
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)

[7.29.0-20]
- eliminate unnecessary delay when resolving host from /etc/hosts (#1130239)
- allow to enable/disable new AES cipher-suites (#1066065)
- call PR_Cleanup() on curl tool exit if NSPR is used (#1071254)
- implement non-blocking TLS handshake (#1091429)
- fix limited connection re-use for unencrypted HTTP (#1101092)
- disable libcurl-level downgrade to SSLv3 (#1154060)
- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161182)
- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1166264)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	curl-7.29.0-25.0.1.el7.src.rpm	67cdb5c4ab1b5e5f74463fb8a8bca70c13b9755f8b301df15a4ee88bd1088262	ELSA-2023-7743	ol7_x86_64_latest_archive
	curl-7.29.0-25.0.1.el7.src.rpm	67cdb5c4ab1b5e5f74463fb8a8bca70c13b9755f8b301df15a4ee88bd1088262	ELSA-2023-7743	ol7_x86_64_u2_base
	curl-7.29.0-25.0.1.el7.x86_64.rpm	209e0b08894ab63615bac31b52b240388f0a537bdde047ab6d486840acdc0d8a	ELSA-2023-7743	ol7_x86_64_latest_archive
	curl-7.29.0-25.0.1.el7.x86_64.rpm	209e0b08894ab63615bac31b52b240388f0a537bdde047ab6d486840acdc0d8a	ELSA-2023-7743	ol7_x86_64_u2_base
	libcurl-7.29.0-25.0.1.el7.i686.rpm	7c4422c84e2361ae054fc5ffddc633add6c66b6efc831c19bb88ebfe79acb06c	ELSA-2023-7743	ol7_x86_64_latest_archive
	libcurl-7.29.0-25.0.1.el7.i686.rpm	7c4422c84e2361ae054fc5ffddc633add6c66b6efc831c19bb88ebfe79acb06c	ELSA-2023-7743	ol7_x86_64_u2_base
	libcurl-7.29.0-25.0.1.el7.x86_64.rpm	3b9fdfcc048a712a6bae8b290ef336f640e01c7efe7e1ffe1b6955721445a68f	ELSA-2023-7743	ol7_x86_64_latest_archive
	libcurl-7.29.0-25.0.1.el7.x86_64.rpm	3b9fdfcc048a712a6bae8b290ef336f640e01c7efe7e1ffe1b6955721445a68f	ELSA-2023-7743	ol7_x86_64_u2_base
	libcurl-devel-7.29.0-25.0.1.el7.i686.rpm	52c73a53751c80afc308134f2123fdffc22ec9b2b5337faa71fd0c69df0786cc	ELSA-2023-7743	ol7_x86_64_latest_archive
	libcurl-devel-7.29.0-25.0.1.el7.i686.rpm	52c73a53751c80afc308134f2123fdffc22ec9b2b5337faa71fd0c69df0786cc	ELSA-2023-7743	ol7_x86_64_u2_base
	libcurl-devel-7.29.0-25.0.1.el7.x86_64.rpm	f918d1193a525698b5bc1cd6276f3138d4f720d7adc09c8462d4de1ebb48c797	ELSA-2023-7743	ol7_x86_64_latest_archive
	libcurl-devel-7.29.0-25.0.1.el7.x86_64.rpm	f918d1193a525698b5bc1cd6276f3138d4f720d7adc09c8462d4de1ebb48c797	ELSA-2023-7743	ol7_x86_64_u2_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691