ELSA-2019-3701

ULN >
Oracle Linux Errata repository >
ELSA-2019-3701

ELSA-2019-3701 - curl security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2019-11-14

Description

[7.61.1-11]
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing

[7.61.1-10]
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)
- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)

[7.61.1-9]
- do not let libssh create a new socket for SCP/SFTP (#1669156)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	curl-7.61.1-11.el8.src.rpm	6715bc18b475d24d136b7af6052b555a833cd986fe5394a686e0e7b7560ca1bc	-	ol8_aarch64_baseos_latest
	curl-7.61.1-11.el8.aarch64.rpm	2b9bf0d3c893e5b33aab26bf3688eba365710d4bda998f72c0cc1e4f53c069d6	-	ol8_aarch64_baseos_latest
	libcurl-7.61.1-11.el8.aarch64.rpm	f2c1ac50d1b255605d81a8e8119028c9978b3db414d508038f3044eac42eaf6c	-	ol8_aarch64_baseos_latest
	libcurl-devel-7.61.1-11.el8.aarch64.rpm	b944dd1e330d65f1826c83dbe1ad5dacba0f6956679c56cbdb8ff1ee784395e6	-	ol8_aarch64_baseos_latest
	libcurl-minimal-7.61.1-11.el8.aarch64.rpm	4369dd23d7b35c9913cbf7fa40f2a2bf8da46de83f2a0b1373625ae6189887ae	-	ol8_aarch64_baseos_latest

Oracle Linux 8 (x86_64)	curl-7.61.1-11.el8.src.rpm	6715bc18b475d24d136b7af6052b555a833cd986fe5394a686e0e7b7560ca1bc	-	ol8_x86_64_baseos_latest
	curl-7.61.1-11.el8.src.rpm	6715bc18b475d24d136b7af6052b555a833cd986fe5394a686e0e7b7560ca1bc	-	ol8_x86_64_u1_baseos_base
	curl-7.61.1-11.el8.x86_64.rpm	6c50abf2c9ad096cb24b378f897577f7e2cc0149e1e2325b603bcfaef916d0ec	-	ol8_x86_64_baseos_latest
	curl-7.61.1-11.el8.x86_64.rpm	6c50abf2c9ad096cb24b378f897577f7e2cc0149e1e2325b603bcfaef916d0ec	-	ol8_x86_64_u1_baseos_base
	libcurl-7.61.1-11.el8.i686.rpm	c3a0572e97c87ab8042e010ccc874326b444314da680b90562bef4549debf262	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-11.el8.i686.rpm	c3a0572e97c87ab8042e010ccc874326b444314da680b90562bef4549debf262	-	ol8_x86_64_u1_baseos_base
	libcurl-7.61.1-11.el8.x86_64.rpm	8c38dc97a82827d41a3c45bd53abb5de9ee3b9f20a961b6fe4064c392b8155d2	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-11.el8.x86_64.rpm	8c38dc97a82827d41a3c45bd53abb5de9ee3b9f20a961b6fe4064c392b8155d2	-	ol8_x86_64_u1_baseos_base
	libcurl-devel-7.61.1-11.el8.i686.rpm	78f0d63a6c641f733bb9eadc90a0e4a340e53c36739fe99e69bdc40ad3f484c3	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-11.el8.i686.rpm	78f0d63a6c641f733bb9eadc90a0e4a340e53c36739fe99e69bdc40ad3f484c3	-	ol8_x86_64_u1_baseos_base
	libcurl-devel-7.61.1-11.el8.x86_64.rpm	f7ed99afcc5ab64cc7a79189731ae47f4d83a2d6286ceea9074ac00e9ee1c1fe	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-11.el8.x86_64.rpm	f7ed99afcc5ab64cc7a79189731ae47f4d83a2d6286ceea9074ac00e9ee1c1fe	-	ol8_x86_64_u1_baseos_base
	libcurl-minimal-7.61.1-11.el8.i686.rpm	39e0501f6d81b17184efc15bfeed105f4487bbee1245b9f4a496bb0d8ea542c0	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-11.el8.i686.rpm	39e0501f6d81b17184efc15bfeed105f4487bbee1245b9f4a496bb0d8ea542c0	-	ol8_x86_64_u1_baseos_base
	libcurl-minimal-7.61.1-11.el8.x86_64.rpm	69ab873e727faea9c2df545e75a2be53c336fef67efbf0b1ed810eada268c2af	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-11.el8.x86_64.rpm	69ab873e727faea9c2df545e75a2be53c336fef67efbf0b1ed810eada268c2af	-	ol8_x86_64_u1_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691