ELSA-2020-1020

ULN >
Oracle Linux Errata repository >
ELSA-2020-1020

ELSA-2020-1020 - curl security and bug fix update

Type:	SECURITY
Impact:	LOW
Release Date:	2020-04-06

Description

[7.29.0-57.0.1]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)

[7.29.0-57]
- allow curl to POST from a char device (#1769307)

[7.29.0-56]
- fix auth failure with duplicated WWW-Authenticate header (#1754736)

[7.29.0-55]
- fix TFTP receive buffer overflow (CVE-2019-5436)

Related CVEs

CVE-2019-5436

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-57.0.1.el7.src.rpm	80afa70d9616d7841b420457c3fcc5195111597209b9ca84769cd1b6fc659210	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-57.0.1.el7.src.rpm	80afa70d9616d7841b420457c3fcc5195111597209b9ca84769cd1b6fc659210	ELSA-2023-7743	ol7_aarch64_u8_base
	curl-7.29.0-57.0.1.el7.aarch64.rpm	bd890bec503a630ebdfd7b48f58b6b1fab0be9599ff81971716fe8f01ca729d1	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-57.0.1.el7.aarch64.rpm	bd890bec503a630ebdfd7b48f58b6b1fab0be9599ff81971716fe8f01ca729d1	ELSA-2023-7743	ol7_aarch64_u8_base
	libcurl-7.29.0-57.0.1.el7.aarch64.rpm	0fb7b25856ae99c6b0bcf28de96a22adc55545f77cdadae21708a45772e8199b	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-7.29.0-57.0.1.el7.aarch64.rpm	0fb7b25856ae99c6b0bcf28de96a22adc55545f77cdadae21708a45772e8199b	ELSA-2023-7743	ol7_aarch64_u8_base
	libcurl-devel-7.29.0-57.0.1.el7.aarch64.rpm	a220ef5f8d82b866ee4774b43d96463b053a10a7d8fb0798a61c4f7d90bb6633	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-devel-7.29.0-57.0.1.el7.aarch64.rpm	a220ef5f8d82b866ee4774b43d96463b053a10a7d8fb0798a61c4f7d90bb6633	ELSA-2023-7743	ol7_aarch64_u8_base

Oracle Linux 7 (x86_64)	curl-7.29.0-57.0.1.el7.src.rpm	80afa70d9616d7841b420457c3fcc5195111597209b9ca84769cd1b6fc659210	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-57.0.1.el7.src.rpm	80afa70d9616d7841b420457c3fcc5195111597209b9ca84769cd1b6fc659210	ELSA-2023-7743	ol7_x86_64_u8_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.2.14.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.2.15.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.2.16.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.2.17.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.3.10.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.3.11.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.3.8.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_19.3.9.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_20.1.0.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	exadata_dbserver_20.1.1.0.0_x86_64_base
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-57.0.1.el7.x86_64.rpm	c8b615448d43ea3f913eae713f9e8e2ffe6305098aeaca824fca4a6bac3948c5	ELSA-2023-7743	ol7_x86_64_u8_base
	libcurl-7.29.0-57.0.1.el7.i686.rpm	267ab5ff8d4ea9f3ad546c3f15638280708a275618e674581f9f5b0357f67440	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-57.0.1.el7.i686.rpm	267ab5ff8d4ea9f3ad546c3f15638280708a275618e674581f9f5b0357f67440	ELSA-2023-7743	ol7_x86_64_u8_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.2.14.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.2.15.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.2.16.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.2.17.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.3.10.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.3.11.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.3.8.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_19.3.9.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_20.1.0.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	exadata_dbserver_20.1.1.0.0_x86_64_base
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-57.0.1.el7.x86_64.rpm	b03881f1ac2647d5afea4693f4c15d3f3e2ac9fbdf55cf5f807761f66ac6451d	ELSA-2023-7743	ol7_x86_64_u8_base
	libcurl-devel-7.29.0-57.0.1.el7.i686.rpm	d992c4a675521d64fb3b2ed081c49d1e8ad3a085ea614d034a61a6900ecce2bd	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-57.0.1.el7.i686.rpm	d992c4a675521d64fb3b2ed081c49d1e8ad3a085ea614d034a61a6900ecce2bd	ELSA-2023-7743	ol7_x86_64_u8_base
	libcurl-devel-7.29.0-57.0.1.el7.x86_64.rpm	af4f10998794a39902b4444c8e8f5c6786e7ba416a04d86e71ec82244ca8c4d5	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-57.0.1.el7.x86_64.rpm	af4f10998794a39902b4444c8e8f5c6786e7ba416a04d86e71ec82244ca8c4d5	ELSA-2023-7743	ol7_x86_64_u8_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691