ELSA-2023-7743

ULN >
Oracle Linux Errata repository >
ELSA-2023-7743

ELSA-2023-7743 - curl security update

Type:	SECURITY
Severity:	LOW
Release Date:	2023-12-12

Description

[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.2]
- fix HTTP proxy deny use after free (CVE-2022-43552)
- rebuild certs with 2048-bit RSA keys

Related CVEs

CVE-2022-43552

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-59.0.3.el7_9.2.src.rpm	edc49001778d72d71568a1e65882bedd	-	ol7_aarch64_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	edc49001778d72d71568a1e65882bedd	-	ol7_aarch64_optional_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	edc49001778d72d71568a1e65882bedd	-	ol7_aarch64_u9_patch
	curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	252a6645273d740ca155b5f55a80dc5e	-	ol7_aarch64_latest
	curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	252a6645273d740ca155b5f55a80dc5e	-	ol7_aarch64_u9_patch
	libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	031b6de685c27ed6a561297997f2a337	-	ol7_aarch64_latest
	libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	031b6de685c27ed6a561297997f2a337	-	ol7_aarch64_u9_patch
	libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm	d6247ee163f149274fb5170608496625	-	ol7_aarch64_latest
	libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm	d6247ee163f149274fb5170608496625	-	ol7_aarch64_u9_patch

Oracle Linux 7 (x86_64)	curl-7.29.0-59.0.3.el7_9.2.src.rpm	edc49001778d72d71568a1e65882bedd	-	ol7_x86_64_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	edc49001778d72d71568a1e65882bedd	-	ol7_x86_64_optional_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	edc49001778d72d71568a1e65882bedd	-	ol7_x86_64_u9_patch
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	b7a4a3fd54ee57068c5750e3db1f9ade	-	ol7_x86_64_latest
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	b7a4a3fd54ee57068c5750e3db1f9ade	-	ol7_x86_64_u9_patch
	libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm	b5459ceeaa7d856853a35a6defb64aba	-	ol7_x86_64_latest
	libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm	b5459ceeaa7d856853a35a6defb64aba	-	ol7_x86_64_u9_patch
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	5b17fe83bb581123e066de1ed66ab3b4	-	ol7_x86_64_latest
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	5b17fe83bb581123e066de1ed66ab3b4	-	ol7_x86_64_u9_patch
	libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm	26e3974c21e4872e4b4b8cde0bb869e0	-	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm	26e3974c21e4872e4b4b8cde0bb869e0	-	ol7_x86_64_u9_patch
	libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm	2b9d8d79051108cbdadc889367c5ab76	-	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm	2b9d8d79051108cbdadc889367c5ab76	-	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691