ELSA-2021-1610

ELSA-2021-1610 - curl security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2021-05-25

Description

[7.61.1-18]
- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)

[7.61.1-17]
- validate an ssl connection using an intermediate certificate (#1895355)

[7.61.1-16]
- fix multiarch conflicts in libcurl-minimal (#1895391)

[7.61.1-15]
- do not crash when HTTPS_PROXY and NO_PROXY are used together (#1873327)
- libcurl: wrong connect-only connection (CVE-2020-8231)

Related CVEs

CVE-2020-8231

CVE-2020-8284

CVE-2020-8285

CVE-2020-8286

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 8 (aarch64)	curl-7.61.1-18.el8.src.rpm	bf8067b732b6365f4c34d66839939404	-
	curl-7.61.1-18.el8.aarch64.rpm	eac844a182827e2a3d722c61b38e4032	-
	libcurl-7.61.1-18.el8.aarch64.rpm	0660c9b406fde7e08f512c43cce32ac0	-
	libcurl-devel-7.61.1-18.el8.aarch64.rpm	a6879c48ab797b20a2c668da00facf2a	-
	libcurl-minimal-7.61.1-18.el8.aarch64.rpm	b97fc9dc8bfbc00976362c615f2b7c4c	-
Oracle Linux 8 (x86_64)	curl-7.61.1-18.el8.src.rpm	bf8067b732b6365f4c34d66839939404	-
	curl-7.61.1-18.el8.x86_64.rpm	e798be2430a4732d2b8d457660f24fa2	-
	libcurl-7.61.1-18.el8.i686.rpm	d7d46229f8788f413605fca23dcc2d5d	-
	libcurl-7.61.1-18.el8.x86_64.rpm	693ac4c75031317ce6b508f982fd4346	-
	libcurl-devel-7.61.1-18.el8.i686.rpm	77d8a4fbac03a1169c4fb4e90159bde2	-
	libcurl-devel-7.61.1-18.el8.x86_64.rpm	9887cd93b6765c0298e08bd2b65a9120	-
	libcurl-minimal-7.61.1-18.el8.i686.rpm	39d49d8898023276a92ba3e914d7ec31	-
	libcurl-minimal-7.61.1-18.el8.x86_64.rpm	bde9d300699ade06bc0b5bffa1a6553b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team