ELSA-2020-3916

ULN >
Oracle Linux Errata repository >
ELSA-2020-3916

ELSA-2020-3916 - curl security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-10-06

Description

[7.29.0-59.0.1]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59]
- http: free protocol-specific struct in setup_connection callback (#1836773)

[7.29.0-58]
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

Related CVEs

CVE-2019-5482

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-59.0.1.el7.src.rpm	9317405e2f52da02a21a060268f1d9b6135540ca8aa9e997e7db75c3ccb6ed6a	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-59.0.1.el7.src.rpm	9317405e2f52da02a21a060268f1d9b6135540ca8aa9e997e7db75c3ccb6ed6a	ELSA-2023-7743	ol7_aarch64_u9_base
	curl-7.29.0-59.0.1.el7.aarch64.rpm	c61de4d143d95ff7ec95a7bf03270fe50e00e842a993f0481e6b244fbd258522	ELSA-2023-7743	ol7_aarch64_latest
	curl-7.29.0-59.0.1.el7.aarch64.rpm	c61de4d143d95ff7ec95a7bf03270fe50e00e842a993f0481e6b244fbd258522	ELSA-2023-7743	ol7_aarch64_u9_base
	libcurl-7.29.0-59.0.1.el7.aarch64.rpm	337e6277dc762109f39b8199dfb8d95b55426ace18a77d3a095b5a9d79f55444	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-7.29.0-59.0.1.el7.aarch64.rpm	337e6277dc762109f39b8199dfb8d95b55426ace18a77d3a095b5a9d79f55444	ELSA-2023-7743	ol7_aarch64_u9_base
	libcurl-devel-7.29.0-59.0.1.el7.aarch64.rpm	e166600e7f72e8489fd3b3fb912c12b70bce77f2bd4da810c68e548991345c70	ELSA-2023-7743	ol7_aarch64_latest
	libcurl-devel-7.29.0-59.0.1.el7.aarch64.rpm	e166600e7f72e8489fd3b3fb912c12b70bce77f2bd4da810c68e548991345c70	ELSA-2023-7743	ol7_aarch64_u9_base

Oracle Linux 7 (x86_64)	curl-7.29.0-59.0.1.el7.src.rpm	9317405e2f52da02a21a060268f1d9b6135540ca8aa9e997e7db75c3ccb6ed6a	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-59.0.1.el7.src.rpm	9317405e2f52da02a21a060268f1d9b6135540ca8aa9e997e7db75c3ccb6ed6a	ELSA-2023-7743	ol7_x86_64_u9_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	exadata_dbserver_19.2.19.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	exadata_dbserver_19.2.20.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	exadata_dbserver_19.3.13.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	exadata_dbserver_19.3.14.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	exadata_dbserver_20.1.3.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	exadata_dbserver_20.1.4.0.0_x86_64_base
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	ol7_x86_64_latest
	curl-7.29.0-59.0.1.el7.x86_64.rpm	39e2c15862c13e093a1d17e80f99d983f1a81cf135754917baa8efd34e087fad	ELSA-2023-7743	ol7_x86_64_u9_base
	libcurl-7.29.0-59.0.1.el7.i686.rpm	df0f6b1acbe91000b0f774d3ac07a7955ac969a89eb6a6acff1b8611268d690a	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-59.0.1.el7.i686.rpm	df0f6b1acbe91000b0f774d3ac07a7955ac969a89eb6a6acff1b8611268d690a	ELSA-2023-7743	ol7_x86_64_u9_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	exadata_dbserver_19.2.19.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	exadata_dbserver_19.2.20.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	exadata_dbserver_19.3.13.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	exadata_dbserver_19.3.14.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	exadata_dbserver_20.1.3.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	exadata_dbserver_20.1.4.0.0_x86_64_base
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-7.29.0-59.0.1.el7.x86_64.rpm	b7da3b59d8935d388362a55d9e0d09f3b75e3fffbd7dcad9b3a5d11e1cd351f1	ELSA-2023-7743	ol7_x86_64_u9_base
	libcurl-devel-7.29.0-59.0.1.el7.i686.rpm	6a3938d03a69f69c58f968da13dd2f3e32b6ce1680aabba2d782a0ff29ec566c	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.1.el7.i686.rpm	6a3938d03a69f69c58f968da13dd2f3e32b6ce1680aabba2d782a0ff29ec566c	ELSA-2023-7743	ol7_x86_64_u9_base
	libcurl-devel-7.29.0-59.0.1.el7.x86_64.rpm	7c97c4e31368f5f51bb5c6789046bb8313307b51d59b7aa51fefe0ddea5a65a4	ELSA-2023-7743	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.1.el7.x86_64.rpm	7c97c4e31368f5f51bb5c6789046bb8313307b51d59b7aa51fefe0ddea5a65a4	ELSA-2023-7743	ol7_x86_64_u9_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691