ELSA-2019-4652

ELSA-2019-4652 - curl security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2019-05-21

Description


[7.29.0-51.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)


Related CVEs


CVE-2016-8615
CVE-2016-8617
CVE-2016-8623
CVE-2016-8624
CVE-2016-8616
CVE-2016-8618
CVE-2016-8619
CVE-2016-8620
CVE-2016-8621
CVE-2016-8622
CVE-2016-8625

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | curl-7.19.7-53.0.2.el6_9.src.rpm | 4f15b3993538b9956415c8e473b28ee7 | - |
| | curl-7.19.7-53.0.2.el6_9.i686.rpm | 0c61b6b0803880f9c50cc2162bdb5b58 | - |
| | libcurl-7.19.7-53.0.2.el6_9.i686.rpm | 90a9110ae565c1e87daca25058e911be | - |
| | libcurl-devel-7.19.7-53.0.2.el6_9.i686.rpm | 85d0f12aaf9b500ce20203b7a60d52d7 | - |
| Oracle Linux 6 (x86_64) | curl-7.19.7-53.0.2.el6_9.src.rpm | 4f15b3993538b9956415c8e473b28ee7 | - |
| | curl-7.19.7-53.0.2.el6_9.x86_64.rpm | 95d0fa42e05fb6a739082d45c60b9038 | - |
| | libcurl-7.19.7-53.0.2.el6_9.i686.rpm | 90a9110ae565c1e87daca25058e911be | - |
| | libcurl-7.19.7-53.0.2.el6_9.x86_64.rpm | e5b534005a0307f26308cb43adf02604 | - |
| | libcurl-devel-7.19.7-53.0.2.el6_9.i686.rpm | 85d0f12aaf9b500ce20203b7a60d52d7 | - |
| | libcurl-devel-7.19.7-53.0.2.el6_9.x86_64.rpm | 4b24ee5d6b00fc9da32c57f724c6a1ab | - |
| Oracle Linux 7 (x86_64) | curl-7.29.0-51.0.1.el7.src.rpm | 35d707956f7bc6a0970392677385a6bf | - |
| | curl-7.29.0-51.0.1.el7.x86_64.rpm | 4eb0432675069573c782e86737a635f1 | - |
| | libcurl-7.29.0-51.0.1.el7.i686.rpm | 85ccb93099e84177b308831bf1f6ed53 | - |
| | libcurl-7.29.0-51.0.1.el7.x86_64.rpm | 7a01b263aa4bbdec56ade8fd74d0f60d | - |
| | libcurl-devel-7.29.0-51.0.1.el7.i686.rpm | c79ff5160f67efd086b528060e274187 | - |
| | libcurl-devel-7.29.0-51.0.1.el7.x86_64.rpm | 409837292d3c6132c9d511ae57bbbdd0 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
