OVMSA-2016-0056 - curl security update
| Type: | SECURITY |
| Severity: | NA |
| Release Date: | 2016-06-20 |
Description
[7.15.5-17]
- fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)
[7.15.5-16]
- fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
[7.15.5-15]
- introduce the --delegation option of curl (#746849)
[7.15.5-14]
- fix stack smashing in the FTP implementation (#652557)
- fix proxy kerberos authentication (#657396)
- update running_handles counter properly in curl_multi_remove_handle (#688871)
[7.15.5-13]
- add a new option CURLOPT_GSSAPI_DELEGATION (#723643)
[7.15.5-12]
- do not delegate GSSAPI credentials (CVE-2011-2192)
[7.15.5-11]
- avoid use of uninitialized variable on failure of a LDAP request (#655073)
[7.15.5-10]
- proxy tunnel support for LDAP requests (#655073)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3.2 (x86_64) | curl-7.15.5-17.el5_9.src.rpm | d9fa1188a77d797c73479d8ac182ac91 | OVMSA-2020-0035 |
| curl-7.15.5-17.el5_9.x86_64.rpm | 5499f6421a61a1ee759192ed306f78fe | OVMSA-2020-0035 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
