ELSA-2020-5002

ULN >
Oracle Linux Errata repository >
ELSA-2020-5002

ELSA-2020-5002 - curl security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2020-11-12

Description

[7.29.0-59.0.1.1]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.1]
- avoid overwriting a local file with -J (CVE-2020-8177)

Related CVEs

CVE-2020-8177

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 7 (aarch64)	curl-7.29.0-59.0.1.el7_9.1.src.rpm	e304e6ccc86c43abf155657007fef0ab	ELBA-2021-9230
	curl-7.29.0-59.0.1.el7_9.1.aarch64.rpm	89927ed91edbe0bb95326b7b04c6034f	ELBA-2021-9230
	libcurl-7.29.0-59.0.1.el7_9.1.aarch64.rpm	0379bf899bef3b18ac054fa92fa6992c	ELBA-2021-9230
	libcurl-devel-7.29.0-59.0.1.el7_9.1.aarch64.rpm	e9328733cd6c8215c355b830f1258351	ELBA-2021-9230

Oracle Linux 7 (x86_64)	curl-7.29.0-59.0.1.el7_9.1.src.rpm	e304e6ccc86c43abf155657007fef0ab	ELBA-2021-9230
	curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	1b1b442b826348dfdc666e4daef18946	ELBA-2021-9230
	libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm	2c62b7c1f5ce275ea7848d8b7f69c510	ELBA-2021-9230
	libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm	d3428e7e98ee136c897c6c4213ce0d58	ELBA-2021-9230
	libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm	4bab23de81a20876f9f5fe622cc8fdac	ELBA-2021-9230
	libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm	a6450fb2f86e8e8c565ece66b188f475	ELBA-2021-9230

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691