ELSA-2016-2575 - curl security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2016-11-09

Description


[7.29.0-35]
- fix incorrect use of a previously loaded certificate from file
(related to CVE-2016-5420)

[7.29.0-34]
- acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
(required by the fix for CVE-2016-5419)

[7.29.0-33]
- fix re-using connections with wrong client cert (CVE-2016-5420)
- fix TLS session resumption client cert bypass (CVE-2016-5419)

[7.29.0-32]
- configure: improve detection of GCC's -fvisibility= flag

[7.29.0-31]
- prevent curl_multi_wait() from missing an event (#1347904)

[7.29.0-30]
- curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts (#1305974)

[7.29.0-29]
- SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL (#1275769)

[7.29.0-28]
- prevent NSS from incorrectly re-using a session (#1269855)
- call PR_Cleanup() in the upstream test-suite if NSPR is used (#1243324)
- disable unreliable upstream test-case 2032 (#1241168)

[7.29.0-27]
- SSH: do not require public key file for user authentication (#1275769)

[7.29.0-26]
- implement 'curl --unix-socket' and CURLOPT_UNIX_SOCKET_PATH (#1263318)
- improve parsing of URL-encoded user name and password (#1260178)
- prevent test46 from failing due to expired cookie (#1258834)


Related CVEs


CVE-2016-7141
CVE-2016-5419
CVE-2016-5420

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 7 (x86_64) | curl-7.29.0-35.el7.src.rpm | 33ea096ca95ef78fb969ebe1991d5641993df472d8ac3e98aaa5c03a471567bc | ELSA-2023-7743 | ol7_x86_64_latest_archive |
| Oracle Linux 7 (x86_64) | curl-7.29.0-35.el7.src.rpm | 33ea096ca95ef78fb969ebe1991d5641993df472d8ac3e98aaa5c03a471567bc | ELSA-2023-7743 | ol7_x86_64_u3_base |
| Oracle Linux 7 (x86_64) | curl-7.29.0-35.el7.x86_64.rpm | f5607de0818abf5103eee1c399967f1f1b0ef6f8913be791d31b497e008f14f2 | ELSA-2023-7743 | ol7_x86_64_latest_archive |
| Oracle Linux 7 (x86_64) | curl-7.29.0-35.el7.x86_64.rpm | f5607de0818abf5103eee1c399967f1f1b0ef6f8913be791d31b497e008f14f2 | ELSA-2023-7743 | ol7_x86_64_u3_base |
| Oracle Linux 7 (x86_64) | libcurl-7.29.0-35.el7.i686.rpm | aa69dd543f56fc816fd2aa7491af0f1bdca99d9631ada812eb8af2d323462b01 | ELSA-2023-7743 | ol7_x86_64_latest_archive |
| Oracle Linux 7 (x86_64) | libcurl-7.29.0-35.el7.i686.rpm | aa69dd543f56fc816fd2aa7491af0f1bdca99d9631ada812eb8af2d323462b01 | ELSA-2023-7743 | ol7_x86_64_u3_base |
| Oracle Linux 7 (x86_64) | libcurl-7.29.0-35.el7.x86_64.rpm | ab1aea3d6e1245832bfefcc0efdd9ca6c173df9aa65c77f3a784361253f3f9e3 | ELSA-2023-7743 | ol7_x86_64_latest_archive |
| Oracle Linux 7 (x86_64) | libcurl-7.29.0-35.el7.x86_64.rpm | ab1aea3d6e1245832bfefcc0efdd9ca6c173df9aa65c77f3a784361253f3f9e3 | ELSA-2023-7743 | ol7_x86_64_u3_base |
| Oracle Linux 7 (x86_64) | libcurl-devel-7.29.0-35.el7.i686.rpm | 6e10935f4a4d3a13445cdb272abb1fb4590da76a37a61b5ad3473fd98a14d214 | ELSA-2023-7743 | ol7_x86_64_latest_archive |
| Oracle Linux 7 (x86_64) | libcurl-devel-7.29.0-35.el7.i686.rpm | 6e10935f4a4d3a13445cdb272abb1fb4590da76a37a61b5ad3473fd98a14d214 | ELSA-2023-7743 | ol7_x86_64_u3_base |
| Oracle Linux 7 (x86_64) | libcurl-devel-7.29.0-35.el7.x86_64.rpm | 8689606bf3df43b486339e34dded377fcb2de75ed1259933fb08fc9c46952c6a | ELSA-2023-7743 | ol7_x86_64_latest_archive |
| Oracle Linux 7 (x86_64) | libcurl-devel-7.29.0-35.el7.x86_64.rpm | 8689606bf3df43b486339e34dded377fcb2de75ed1259933fb08fc9c46952c6a | ELSA-2023-7743 | ol7_x86_64_u3_base |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.