ELSA-2018-3157
- ULN >
- Oracle Linux Errata repository >
- ELSA-2018-3157
ELSA-2018-3157 - curl and nss-pem security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2018-11-05 |
Description
curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)
[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang
[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)
[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)
[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)
nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)
Related CVEs
| CVE-2018-1000007 |
| CVE-2018-1000120 |
| CVE-2018-1000121 |
| CVE-2018-1000122 |
| CVE-2018-1000301 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | curl-7.29.0-51.el7.src.rpm | 5d484b44e95949afbbc5d71d549ce227 | ELBA-2021-9230 |
| nss-pem-1.0.3-5.el7.src.rpm | 49b4ad97fc96fce2d51a689d4b573d56 | ELBA-2019-2175 | |
| curl-7.29.0-51.el7.aarch64.rpm | baedbf0f864a7792f8ed99717e1e1f26 | ELBA-2021-9230 | |
| libcurl-7.29.0-51.el7.aarch64.rpm | 62f7532c19f792a506997e5c5a5f9545 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-51.el7.aarch64.rpm | 97421627d8a55b14061a570b057d60d7 | ELBA-2021-9230 | |
| nss-pem-1.0.3-5.el7.aarch64.rpm | 2d656e724089cc99b234573d4548f8a0 | ELBA-2019-2175 | |
| Oracle Linux 7 (x86_64) | curl-7.29.0-51.el7.src.rpm | 5d484b44e95949afbbc5d71d549ce227 | ELBA-2021-9230 |
| nss-pem-1.0.3-5.el7.src.rpm | 49b4ad97fc96fce2d51a689d4b573d56 | ELBA-2019-2175 | |
| curl-7.29.0-51.el7.x86_64.rpm | 6ef407fc04427fae2816d5c34078529f | ELBA-2021-9230 | |
| libcurl-7.29.0-51.el7.i686.rpm | 7781bc6742c909de47eb5d07ffb48a64 | ELBA-2021-9230 | |
| libcurl-7.29.0-51.el7.x86_64.rpm | 36f58941a4d414f52fe9a9f3062012e6 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-51.el7.i686.rpm | 742c084230799eaeaf839611b5fa1a39 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-51.el7.x86_64.rpm | 7a38440b0526f672e3a12a4592e231ee | ELBA-2021-9230 | |
| nss-pem-1.0.3-5.el7.i686.rpm | 564c74f3c4f7db91e09632ac3dc335ac | ELBA-2019-2175 | |
| nss-pem-1.0.3-5.el7.x86_64.rpm | eff1e543f60a6ba085a3eda2a9888dd6 | ELBA-2019-2175 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
