ELSA-2020-3916
- ULN >
- Oracle Linux Errata repository >
- ELSA-2020-3916
ELSA-2020-3916 - curl security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2020-10-06 |
Description
[7.29.0-59.0.1]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch
[7.29.0-59]
- http: free protocol-specific struct in setup_connection callback (#1836773)
[7.29.0-58]
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
Related CVEs
| CVE-2019-5482 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | curl-7.29.0-59.0.1.el7.src.rpm | 5ba179b5b41091d68a5a5d7cc12f68ca | ELBA-2021-9230 |
| curl-7.29.0-59.0.1.el7.aarch64.rpm | cdf15db7903533f03228c68049b888b5 | ELBA-2021-9230 | |
| libcurl-7.29.0-59.0.1.el7.aarch64.rpm | 1756f65832a8ad4c5dbabc195c991346 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-59.0.1.el7.aarch64.rpm | f1b2008096abc4049cfe89c5318dbdb2 | ELBA-2021-9230 | |
| Oracle Linux 7 (x86_64) | curl-7.29.0-59.0.1.el7.src.rpm | 5ba179b5b41091d68a5a5d7cc12f68ca | ELBA-2021-9230 |
| curl-7.29.0-59.0.1.el7.x86_64.rpm | 4b8ab54f8f4abba5ec3ee6204d534b29 | ELBA-2021-9230 | |
| libcurl-7.29.0-59.0.1.el7.i686.rpm | 526936617c9c4a17de8c499cf8d4ddc6 | ELBA-2021-9230 | |
| libcurl-7.29.0-59.0.1.el7.x86_64.rpm | 5bd76d3eab7fef8717a46c9cb394c026 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-59.0.1.el7.i686.rpm | 41343a1fc18fa70aeac219d514f1da53 | ELBA-2021-9230 | |
| libcurl-devel-7.29.0-59.0.1.el7.x86_64.rpm | 71ef6c964e4c13f5387738ae48a60615 | ELBA-2021-9230 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
