ELSA-2023-2963

ULN >
Oracle Linux Errata repository >
ELSA-2023-2963

ELSA-2023-2963 - curl security and bug fix update

Type:	SECURITY
Severity:	LOW
Release Date:	2023-05-24

Description

[7.61.1-30]
- fix HTTP multi-header compression denial of service (CVE-2023-23916)

[7.61.1-29]
- h2: lower initial window size to 32 MiB (#2166254)

[7.61.1-28]
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)

[7.61.1-27]
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)

[7.61.1-26]
- control code in cookie denial of service (CVE-2022-35252)

Related CVEs

CVE-2022-43552

CVE-2022-35252

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	curl-7.61.1-30.el8.src.rpm	03b3dd21300f8b9714c205e24958c0cd	-
	curl-7.61.1-30.el8.aarch64.rpm	0dabea9f4e22f1afb0413500a3aa19b5	-
	libcurl-7.61.1-30.el8.aarch64.rpm	b4cb5ff18b3b66f981a1758a88424f40	-
	libcurl-devel-7.61.1-30.el8.aarch64.rpm	5af79dbb3db98ff3298b768cf0b5fef9	-
	libcurl-minimal-7.61.1-30.el8.aarch64.rpm	b6c4655ce0acb226a2854bccb7fa2007	-

Oracle Linux 8 (x86_64)	curl-7.61.1-30.el8.src.rpm	03b3dd21300f8b9714c205e24958c0cd	-
	curl-7.61.1-30.el8.x86_64.rpm	a3ff367dc1018f018dc9fa484f6a934d	-
	libcurl-7.61.1-30.el8.i686.rpm	58a8a6bcf8257b391ebaaaa6d097c837	-
	libcurl-7.61.1-30.el8.x86_64.rpm	cfd54d0682e7e93c43c21f3be699a80b	-
	libcurl-devel-7.61.1-30.el8.i686.rpm	c8566dcbd62fbfe058e8e58e6103b5f6	-
	libcurl-devel-7.61.1-30.el8.x86_64.rpm	beafb17e90c43f02b549e2f3423380b8	-
	libcurl-minimal-7.61.1-30.el8.i686.rpm	52ce80313acabc56d1e61856ea3beb00	-
	libcurl-minimal-7.61.1-30.el8.x86_64.rpm	65dfcd647afb832ab34a6932584c78c8	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691