ELSA-2019-1880
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-1880
ELSA-2019-1880 - curl security and bug fix update
| Type: | SECURITY |
| Severity: | LOW |
| Release Date: | 2019-07-30 |
Description
[7.29.0-51.0.1.el7_6.3]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
[7.29.0-51.el7_6.3]
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
[7.29.0-51.el7_6.2]
- prevent curl --rate-limit from crashing on https URLs (#1683292)
[7.29.0-51.el7_6.1]
- prevent curl --rate-limit from hanging on file URLs (#1281969)
Related CVEs
| CVE-2018-14618 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | curl-7.29.0-51.0.1.el7_6.3.src.rpm | 6a0e7697d758912537e0fd9fc966785f | ELBA-2021-9230 |
| curl-7.29.0-51.0.1.el7_6.3.aarch64.rpm | fcbda29c1dac8ae38c512fcdde066a32 | ELBA-2021-9230 | |
| libcurl-7.29.0-51.0.1.el7_6.3.aarch64.rpm | 40385a5da23322c735c6fbd4421a5bf5 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-51.0.1.el7_6.3.aarch64.rpm | 0aa7eb5d8c05fd6a5a7f5acf6e739304 | ELBA-2021-9230 | |
| Oracle Linux 7 (x86_64) | curl-7.29.0-51.0.1.el7_6.3.src.rpm | 6a0e7697d758912537e0fd9fc966785f | ELBA-2021-9230 |
| curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm | 0d0237a0f4e13ddb0a598030ee244fbd | ELBA-2021-9230 | |
| libcurl-7.29.0-51.0.1.el7_6.3.i686.rpm | 4c6e53387d8b1f5204366cbd08917ff5 | ELBA-2021-9230 | |
| libcurl-7.29.0-51.0.1.el7_6.3.x86_64.rpm | 5a5a9577b46c7c87b01c634736b01b71 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-51.0.1.el7_6.3.i686.rpm | f6dfa71cfeb6479000775d829e249b60 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-51.0.1.el7_6.3.x86_64.rpm | 952cc280a39a6bfea47d6c9957fd18bd | ELBA-2021-9230 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
