ELSA-2019-2181

ELSA-2019-2181 - curl security and bug fix update

Type:	SECURITY
Impact:	LOW
Release Date:	2019-08-13

Description

[7.29.0-54.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)

[7.29.0-54]
- make 'curl --tlsv1' backward compatible (#1672639)

[7.29.0-53]
- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)

[7.29.0-52]
- prevent curl --rate-limit from hanging on file URLs (#1281969)
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)
- backport options to force TLS 1.3 in curl and libcurl (#1672639)
- prevent curl --rate-limit from crashing on https URLs (#1683292)

Related CVEs

CVE-2018-16842

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (aarch64)	curl-7.29.0-54.0.1.el7.src.rpm	27661e99c60884dca514ec955bcdf292d9ffdde9cc66910823c30f36c2f12b3c	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-54.0.1.el7.src.rpm	27661e99c60884dca514ec955bcdf292d9ffdde9cc66910823c30f36c2f12b3c	ELSA-2023-7743	ol7_aarch64_u7_base
	curl-7.29.0-54.0.1.el7.aarch64.rpm	28ae241f7389ea5b2082c2882036a3eb41482aa4d19f19591aa96ae2fc2812fe	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-54.0.1.el7.aarch64.rpm	28ae241f7389ea5b2082c2882036a3eb41482aa4d19f19591aa96ae2fc2812fe	ELSA-2023-7743	ol7_aarch64_u7_base
	libcurl-7.29.0-54.0.1.el7.aarch64.rpm	7faa78387c17584f6a5c3d6c2a7ceccdd4443ed4024b80e2000d9406b01926ef	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-7.29.0-54.0.1.el7.aarch64.rpm	7faa78387c17584f6a5c3d6c2a7ceccdd4443ed4024b80e2000d9406b01926ef	ELSA-2023-7743	ol7_aarch64_u7_base
	libcurl-devel-7.29.0-54.0.1.el7.aarch64.rpm	b7f96d7adb726a4450db6043502c0ac048f714e22c5b9fcdd31abbeb308b836f	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-devel-7.29.0-54.0.1.el7.aarch64.rpm	b7f96d7adb726a4450db6043502c0ac048f714e22c5b9fcdd31abbeb308b836f	ELSA-2023-7743	ol7_aarch64_u7_base
Oracle Linux 7 (x86_64)	curl-7.29.0-54.0.1.el7.src.rpm	27661e99c60884dca514ec955bcdf292d9ffdde9cc66910823c30f36c2f12b3c	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-54.0.1.el7.src.rpm	27661e99c60884dca514ec955bcdf292d9ffdde9cc66910823c30f36c2f12b3c	ELSA-2023-7743	ol7_x86_64_u7_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	exadata_dbserver_19.2.8.0.0_x86_64_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	exadata_dbserver_19.2.9.0.0_x86_64_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	exadata_dbserver_19.3.0.0.0_x86_64_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	exadata_dbserver_19.3.1.0.0_x86_64_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	exadata_dbserver_19.3.2.0.0_x86_64_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	exadata_dbserver_19.3.3.0.0_x86_64_base
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-54.0.1.el7.x86_64.rpm	d490d221c9ed073eb46fa5fdbab500743aaee3f89e87ac1dbf1f2c6df57980b4	ELSA-2023-7743	ol7_x86_64_u7_base
	libcurl-7.29.0-54.0.1.el7.i686.rpm	54cb92b8a83f3ea01d6450ce37231d0a28560a8c4c65751fbf1a8b9bc318fe51	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-54.0.1.el7.i686.rpm	54cb92b8a83f3ea01d6450ce37231d0a28560a8c4c65751fbf1a8b9bc318fe51	ELSA-2023-7743	ol7_x86_64_u7_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	exadata_dbserver_19.2.8.0.0_x86_64_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	exadata_dbserver_19.2.9.0.0_x86_64_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	exadata_dbserver_19.3.0.0.0_x86_64_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	exadata_dbserver_19.3.1.0.0_x86_64_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	exadata_dbserver_19.3.2.0.0_x86_64_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	exadata_dbserver_19.3.3.0.0_x86_64_base
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-54.0.1.el7.x86_64.rpm	3428c48d00642b16b45d1365d3bca22119bfb916337d119fe23903896f52df8b	ELSA-2023-7743	ol7_x86_64_u7_base
	libcurl-devel-7.29.0-54.0.1.el7.i686.rpm	65f875f5e353f8dd2ad0a06361146ca0550efd90cc478e225f6f52c75ecf2aee	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-54.0.1.el7.i686.rpm	65f875f5e353f8dd2ad0a06361146ca0550efd90cc478e225f6f52c75ecf2aee	ELSA-2023-7743	ol7_x86_64_u7_base
	libcurl-devel-7.29.0-54.0.1.el7.x86_64.rpm	b9aa05a9ecd7a6254cc215602fdf59eac28b5e1ca78fda0369d29bffcfcf3a47	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-54.0.1.el7.x86_64.rpm	b9aa05a9ecd7a6254cc215602fdf59eac28b5e1ca78fda0369d29bffcfcf3a47	ELSA-2023-7743	ol7_x86_64_u7_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team