ELSA-2023-7743

ULN >
Oracle Linux Errata repository >
ELSA-2023-7743

ELSA-2023-7743 - curl security update

Type:	SECURITY
Impact:	LOW
Release Date:	2023-12-12

Description

[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.2]
- fix HTTP proxy deny use after free (CVE-2022-43552)
- rebuild certs with 2048-bit RSA keys

Related CVEs

CVE-2022-43552

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	curl-7.29.0-59.0.3.el7_9.2.src.rpm	701a20d36134e85e1dea47b7fc2fa8b4e3b6a4f3863d6f4dbff9322617ed6681	-	ol7_aarch64_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	701a20d36134e85e1dea47b7fc2fa8b4e3b6a4f3863d6f4dbff9322617ed6681	-	ol7_aarch64_optional_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	701a20d36134e85e1dea47b7fc2fa8b4e3b6a4f3863d6f4dbff9322617ed6681	-	ol7_aarch64_u9_patch
	curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	9d9bc3b17c774a29627087b9eca33d19b6504c46ee3e4b710869ffdd4b4b3452	-	ol7_aarch64_latest
	curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	9d9bc3b17c774a29627087b9eca33d19b6504c46ee3e4b710869ffdd4b4b3452	-	ol7_aarch64_u9_patch
	libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	cdd1aaad25a983e946992f02ca63ab492470a39a2ba13a16c4f29f1108398f63	-	ol7_aarch64_latest
	libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm	cdd1aaad25a983e946992f02ca63ab492470a39a2ba13a16c4f29f1108398f63	-	ol7_aarch64_u9_patch
	libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm	0bc904d2f560cfb1c560b15a1c9b977d24faa834a5b217ef497c4390360e73a0	-	ol7_aarch64_latest
	libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm	0bc904d2f560cfb1c560b15a1c9b977d24faa834a5b217ef497c4390360e73a0	-	ol7_aarch64_u9_patch

Oracle Linux 7 (x86_64)	curl-7.29.0-59.0.3.el7_9.2.src.rpm	701a20d36134e85e1dea47b7fc2fa8b4e3b6a4f3863d6f4dbff9322617ed6681	-	ol7_x86_64_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	701a20d36134e85e1dea47b7fc2fa8b4e3b6a4f3863d6f4dbff9322617ed6681	-	ol7_x86_64_optional_latest
	curl-7.29.0-59.0.3.el7_9.2.src.rpm	701a20d36134e85e1dea47b7fc2fa8b4e3b6a4f3863d6f4dbff9322617ed6681	-	ol7_x86_64_u9_patch
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.19.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.20.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.21.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.22.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.23.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.24.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.25.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.26.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.27.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.28.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.29.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.30.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.31.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.32.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	exadata_dbserver_22.1.33.0.0_x86_64_base
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	ol7_x86_64_latest
	curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	fde301b0b53fc5828d84fb7528731088821504d5c2352cf98d89a31497e718cc	-	ol7_x86_64_u9_patch
	libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm	185d2b29f0ff84e1615a38658d79f502fc1b7c6635e7cf8dc1090fe7fdb44548	-	ol7_x86_64_latest
	libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm	185d2b29f0ff84e1615a38658d79f502fc1b7c6635e7cf8dc1090fe7fdb44548	-	ol7_x86_64_u9_patch
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.19.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.20.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.21.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.22.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.23.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.24.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.25.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.26.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.27.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.28.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.29.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.30.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.31.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.32.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	exadata_dbserver_22.1.33.0.0_x86_64_base
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	ol7_x86_64_latest
	libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm	a3cdd592f17897e6dc334fce578e137b1b8a88ff7fee71ee88488617ae0f10e4	-	ol7_x86_64_u9_patch
	libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm	08a6db879c3205f49982492fc1b41954e48c30d119a2da8a7467aa7865d8266f	-	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm	08a6db879c3205f49982492fc1b41954e48c30d119a2da8a7467aa7865d8266f	-	ol7_x86_64_u9_patch
	libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm	553baefcc3bc5505e9225d16db5af323b5708407bec868998e038fcecbb9b338	-	ol7_x86_64_latest
	libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm	553baefcc3bc5505e9225d16db5af323b5708407bec868998e038fcecbb9b338	-	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691