OVMSA-2016-0056 - curl security update
| Type: | SECURITY |
| Impact: | NA |
| Release Date: | 2016-06-20 |
Description
[7.15.5-17]
- fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)
[7.15.5-16]
- fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
[7.15.5-15]
- introduce the --delegation option of curl (#746849)
[7.15.5-14]
- fix stack smashing in the FTP implementation (#652557)
- fix proxy kerberos authentication (#657396)
- update running_handles counter properly in curl_multi_remove_handle (#688871)
[7.15.5-13]
- add a new option CURLOPT_GSSAPI_DELEGATION (#723643)
[7.15.5-12]
- do not delegate GSSAPI credentials (CVE-2011-2192)
[7.15.5-11]
- avoid use of uninitialized variable on failure of a LDAP request (#655073)
[7.15.5-10]
- proxy tunnel support for LDAP requests (#655073)
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.2 (x86_64) | curl-7.15.5-17.el5_9.src.rpm | b5b6c93526d6b76ca535a85c057e2ed7051c62b7b3c24ba22426b3b04ece6e7b | OVMSA-2020-0035 | ovm3_3.2.1_x86_64_patch |
| curl-7.15.5-17.el5_9.x86_64.rpm | 056672a223bcf492155be8d3dd2c10dd426cae78a1e688696a7fa73d598a948a | OVMSA-2020-0035 | ovm3_3.2.1_x86_64_patch |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
