ELSA-2019-3701

ULN >
Oracle Linux Errata repository >
ELSA-2019-3701

ELSA-2019-3701 - curl security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2019-11-14

Description

[7.61.1-11]
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing

[7.61.1-10]
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)
- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)

[7.61.1-9]
- do not let libssh create a new socket for SCP/SFTP (#1669156)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	curl-7.61.1-11.el8.src.rpm	f39c8f07762e71a26e89caa156f73cf2	-
	curl-7.61.1-11.el8.aarch64.rpm	d0b1d0c96c29ac66a3ade165bf1a1f15	-
	libcurl-7.61.1-11.el8.aarch64.rpm	f405f3779a6b6935c0af06aaccb6f358	-
	libcurl-devel-7.61.1-11.el8.aarch64.rpm	4960a836103cf92e5743cc68541ce795	-
	libcurl-minimal-7.61.1-11.el8.aarch64.rpm	bde6e3cc1e2f461c3d185cc877df1efe	-

Oracle Linux 8 (x86_64)	curl-7.61.1-11.el8.src.rpm	f39c8f07762e71a26e89caa156f73cf2	-
	curl-7.61.1-11.el8.x86_64.rpm	f5e2ac790844d4677ce0dc0ef1d8ee7f	-
	libcurl-7.61.1-11.el8.i686.rpm	96d57a3e92412c9f24754f7392735eb7	-
	libcurl-7.61.1-11.el8.x86_64.rpm	6a2e1558cf4632a97aaa4a110bff3a12	-
	libcurl-devel-7.61.1-11.el8.i686.rpm	36fa78643af76a4ba17360fdf459aebf	-
	libcurl-devel-7.61.1-11.el8.x86_64.rpm	5a56c40303060e1322dafbf652ce6b44	-
	libcurl-minimal-7.61.1-11.el8.i686.rpm	f024d92d579c7d033c9d736fb3f3c458	-
	libcurl-minimal-7.61.1-11.el8.x86_64.rpm	2578ab38ad09a96ed179c2db0a53956e	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691