ELSA-2024-1601

ULN >
Oracle Linux Errata repository >
ELSA-2024-1601

ELSA-2024-1601 - curl security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-04-03

Description

[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)

Related CVEs

CVE-2023-38546

CVE-2023-28322

CVE-2023-46218

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	curl-7.61.1-33.el8_9.5.src.rpm	887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c	-	ol8_aarch64_baseos_latest
	curl-7.61.1-33.el8_9.5.src.rpm	887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c	-	ol8_aarch64_u9_baseos_patch
	curl-7.61.1-33.el8_9.5.aarch64.rpm	5c5d7fa8b9e933a149f0ac3677b53d74ba1270b65d7593c06bb4eb04aa258734	-	ol8_aarch64_baseos_latest
	curl-7.61.1-33.el8_9.5.aarch64.rpm	5c5d7fa8b9e933a149f0ac3677b53d74ba1270b65d7593c06bb4eb04aa258734	-	ol8_aarch64_u9_baseos_patch
	libcurl-7.61.1-33.el8_9.5.aarch64.rpm	4bf256e3f8bd4bdd0916c45d891818ed5b5488c52a6cc1883a2551d1003f365e	-	ol8_aarch64_baseos_latest
	libcurl-7.61.1-33.el8_9.5.aarch64.rpm	4bf256e3f8bd4bdd0916c45d891818ed5b5488c52a6cc1883a2551d1003f365e	-	ol8_aarch64_u9_baseos_patch
	libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm	0d849c226913f9444d90a7bbf1a24fa3e3f19ec31f7d66675349a974b1103db9	-	ol8_aarch64_baseos_latest
	libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm	0d849c226913f9444d90a7bbf1a24fa3e3f19ec31f7d66675349a974b1103db9	-	ol8_aarch64_u9_baseos_patch
	libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm	b9678e1b89844c564abf781384bc8f70572ddcd583502002d946c5f5f6b01c6b	-	ol8_aarch64_baseos_latest
	libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm	b9678e1b89844c564abf781384bc8f70572ddcd583502002d946c5f5f6b01c6b	-	ol8_aarch64_u9_baseos_patch

Oracle Linux 8 (x86_64)	curl-7.61.1-33.el8_9.5.src.rpm	887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c	-	ol8_x86_64_baseos_latest
	curl-7.61.1-33.el8_9.5.src.rpm	887c18c8633a432b0a377d5c0b638ce003e20aba873e134e07c16341787ba91c	-	ol8_x86_64_u9_baseos_patch
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	exadata_dbserver_23.1.13.0.0_x86_64_base
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	exadata_dbserver_23.1.14.0.0_x86_64_base
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	exadata_dbserver_23.1.15.0.0_x86_64_base
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	exadata_dbserver_24.1.0.0.0_x86_64_base
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	exadata_dbserver_24.1.1.0.0_x86_64_base
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	exadata_dbserver_24.1.3.0.0_x86_64_base
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	ol8_x86_64_baseos_latest
	curl-7.61.1-33.el8_9.5.x86_64.rpm	9f1965486d01442b71585b3d64b8d2a7fc825e8b8feb65334378baa0b735141c	-	ol8_x86_64_u9_baseos_patch
	libcurl-7.61.1-33.el8_9.5.i686.rpm	581556dd042059e8a4689b2540e7efc07677c951cfa85c16b2d5d22c3af690d7	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-33.el8_9.5.i686.rpm	581556dd042059e8a4689b2540e7efc07677c951cfa85c16b2d5d22c3af690d7	-	ol8_x86_64_u9_baseos_patch
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	exadata_dbserver_23.1.13.0.0_x86_64_base
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	exadata_dbserver_23.1.14.0.0_x86_64_base
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	exadata_dbserver_23.1.15.0.0_x86_64_base
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	exadata_dbserver_24.1.0.0.0_x86_64_base
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	exadata_dbserver_24.1.1.0.0_x86_64_base
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	exadata_dbserver_24.1.3.0.0_x86_64_base
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	ol8_x86_64_baseos_latest
	libcurl-7.61.1-33.el8_9.5.x86_64.rpm	f133fefbaf2fd909894adcdccc8311a67739eaa3b28c6b85c4c1b47b0b351ed8	-	ol8_x86_64_u9_baseos_patch
	libcurl-devel-7.61.1-33.el8_9.5.i686.rpm	e12ba849cf979bd9181e189292fc86f6305ea49b48086599a98c0bff8bb89486	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-33.el8_9.5.i686.rpm	e12ba849cf979bd9181e189292fc86f6305ea49b48086599a98c0bff8bb89486	-	ol8_x86_64_u9_baseos_patch
	libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm	fe53a3c1aeed951edc74da34b8627aa6b6d71811036753fbfec9ca17360de100	-	ol8_x86_64_baseos_latest
	libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm	fe53a3c1aeed951edc74da34b8627aa6b6d71811036753fbfec9ca17360de100	-	ol8_x86_64_u9_baseos_patch
	libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm	1036819b5d2a81844208756676e41c4c3b0cf4748e50bc8b94fd5a9b81b2c6cd	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm	1036819b5d2a81844208756676e41c4c3b0cf4748e50bc8b94fd5a9b81b2c6cd	-	ol8_x86_64_u9_baseos_patch
	libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm	e6a7600e5b22f543b1f9126d16b69e11af7ac8bd0f81119e627c3d10f9a6b1f4	-	ol8_x86_64_baseos_latest
	libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm	e6a7600e5b22f543b1f9126d16b69e11af7ac8bd0f81119e627c3d10f9a6b1f4	-	ol8_x86_64_u9_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691