ELSA-2024-1601

ELSA-2024-1601 - curl security and bug fix update

Type:SECURITY
Impact:MODERATE
Release Date:2024-04-03

Description


[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)


Related CVEs


CVE-2023-38546
CVE-2023-28322
CVE-2023-46218

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) curl-7.61.1-33.el8_9.5.src.rpm887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c-ol8_aarch64_baseos_latest
curl-7.61.1-33.el8_9.5.src.rpm887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c-ol8_aarch64_u9_baseos_patch
curl-7.61.1-33.el8_9.5.aarch64.rpm5c5d7fa8b9e933a149f0ac3677b53d74ba1270b65d7593c06bb4eb04aa258734-ol8_aarch64_baseos_latest
curl-7.61.1-33.el8_9.5.aarch64.rpm5c5d7fa8b9e933a149f0ac3677b53d74ba1270b65d7593c06bb4eb04aa258734-ol8_aarch64_u9_baseos_patch
libcurl-7.61.1-33.el8_9.5.aarch64.rpm4bf256e3f8bd4bdd0916c45d891818ed5b5488c52a6cc1883a2551d1003f365e-ol8_aarch64_baseos_latest
libcurl-7.61.1-33.el8_9.5.aarch64.rpm4bf256e3f8bd4bdd0916c45d891818ed5b5488c52a6cc1883a2551d1003f365e-ol8_aarch64_u9_baseos_patch
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm0d849c226913f9444d90a7bbf1a24fa3e3f19ec31f7d66675349a974b1103db9-ol8_aarch64_baseos_latest
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm0d849c226913f9444d90a7bbf1a24fa3e3f19ec31f7d66675349a974b1103db9-ol8_aarch64_u9_baseos_patch
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpmb9678e1b89844c564abf781384bc8f70572ddcd583502002d946c5f5f6b01c6b-ol8_aarch64_baseos_latest
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpmb9678e1b89844c564abf781384bc8f70572ddcd583502002d946c5f5f6b01c6b-ol8_aarch64_u9_baseos_patch
Oracle Linux 8 (x86_64) curl-7.61.1-33.el8_9.5.src.rpm887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c-ol8_x86_64_baseos_latest
curl-7.61.1-33.el8_9.5.src.rpm887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c-ol8_x86_64_u9_baseos_patch
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-exadata_dbserver_23.1.13.0.0_x86_64_base
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-exadata_dbserver_23.1.14.0.0_x86_64_base
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-exadata_dbserver_23.1.15.0.0_x86_64_base
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-exadata_dbserver_24.1.0.0.0_x86_64_base
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-exadata_dbserver_24.1.1.0.0_x86_64_base
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-exadata_dbserver_24.1.3.0.0_x86_64_base
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-ol8_x86_64_baseos_latest
curl-7.61.1-33.el8_9.5.x86_64.rpm9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c-ol8_x86_64_u9_baseos_patch
libcurl-7.61.1-33.el8_9.5.i686.rpm581556dd042059e8a4689b2540e7efc07677c951cfa85c16b2d5d22c3af690d7-ol8_x86_64_baseos_latest
libcurl-7.61.1-33.el8_9.5.i686.rpm581556dd042059e8a4689b2540e7efc07677c951cfa85c16b2d5d22c3af690d7-ol8_x86_64_u9_baseos_patch
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-exadata_dbserver_23.1.13.0.0_x86_64_base
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-exadata_dbserver_23.1.14.0.0_x86_64_base
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-exadata_dbserver_23.1.15.0.0_x86_64_base
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-exadata_dbserver_24.1.0.0.0_x86_64_base
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-exadata_dbserver_24.1.1.0.0_x86_64_base
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-exadata_dbserver_24.1.3.0.0_x86_64_base
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-ol8_x86_64_baseos_latest
libcurl-7.61.1-33.el8_9.5.x86_64.rpmf133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8-ol8_x86_64_u9_baseos_patch
libcurl-devel-7.61.1-33.el8_9.5.i686.rpme12ba849cf979bd9181e189292fc86f6305ea49b48086599a98c0bff8bb89486-ol8_x86_64_baseos_latest
libcurl-devel-7.61.1-33.el8_9.5.i686.rpme12ba849cf979bd9181e189292fc86f6305ea49b48086599a98c0bff8bb89486-ol8_x86_64_u9_baseos_patch
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpmfe53a3c1aeed951edc74da34b8627aa6b6d71811036753fbfec9ca17360de100-ol8_x86_64_baseos_latest
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpmfe53a3c1aeed951edc74da34b8627aa6b6d71811036753fbfec9ca17360de100-ol8_x86_64_u9_baseos_patch
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm1036819b5d2a81844208756676e41c4c3b0cf4748e50bc8b94fd5a9b81b2c6cd-ol8_x86_64_baseos_latest
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm1036819b5d2a81844208756676e41c4c3b0cf4748e50bc8b94fd5a9b81b2c6cd-ol8_x86_64_u9_baseos_patch
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpme6a7600e5b22f543b1f9126d16b69e11af7ac8bd0f81119e627c3d10f9a6b1f4-ol8_x86_64_baseos_latest
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpme6a7600e5b22f543b1f9126d16b69e11af7ac8bd0f81119e627c3d10f9a6b1f4-ol8_x86_64_u9_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete