ELSA-2019-2181
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-2181
ELSA-2019-2181 - curl security and bug fix update
| Type: | SECURITY |
| Severity: | LOW |
| Release Date: | 2019-08-13 |
Description
[7.29.0-54.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
[7.29.0-54]
- make 'curl --tlsv1' backward compatible (#1672639)
[7.29.0-53]
- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)
[7.29.0-52]
- prevent curl --rate-limit from hanging on file URLs (#1281969)
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)
- backport options to force TLS 1.3 in curl and libcurl (#1672639)
- prevent curl --rate-limit from crashing on https URLs (#1683292)
Related CVEs
| CVE-2018-16842 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | curl-7.29.0-54.0.1.el7.src.rpm | ee29e2dbd10e44068b1a8cfdef208342 | ELBA-2021-9230 |
| curl-7.29.0-54.0.1.el7.aarch64.rpm | 30e0aab0751b1625bb5d8b68dc16de74 | ELBA-2021-9230 | |
| libcurl-7.29.0-54.0.1.el7.aarch64.rpm | 64401ef496314eedb55aea8a14452dc4 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-54.0.1.el7.aarch64.rpm | a2806c555a3968ec47ae1245ea8d3a0e | ELBA-2021-9230 | |
| Oracle Linux 7 (x86_64) | curl-7.29.0-54.0.1.el7.src.rpm | ee29e2dbd10e44068b1a8cfdef208342 | ELBA-2021-9230 |
| curl-7.29.0-54.0.1.el7.x86_64.rpm | d2104dbd4d1018f07b3fb70043449f05 | ELBA-2021-9230 | |
| libcurl-7.29.0-54.0.1.el7.i686.rpm | 48b4299ec5170d5f1af60f8785b97a8a | ELBA-2021-9230 | |
| libcurl-7.29.0-54.0.1.el7.x86_64.rpm | ef64631559bd641fa9dafcfda354ddc0 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-54.0.1.el7.i686.rpm | fd45551295b01bbcb5738758c2f2712b | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-54.0.1.el7.x86_64.rpm | 9b8c5a39a23292f142f1e3d1a37d9956 | ELBA-2021-9230 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
