El-errata: ELBA-2020-3348 Oracle Linux 7 curl bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2020-3348
http://linux.oracle.com/errata/ELBA-2020-3348.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
curl-7.29.0-57.0.1.el7_8.1.x86_64.rpm
libcurl-7.29.0-57.0.1.el7_8.1.i686.rpm
libcurl-7.29.0-57.0.1.el7_8.1.x86_64.rpm
libcurl-devel-7.29.0-57.0.1.el7_8.1.i686.rpm
libcurl-devel-7.29.0-57.0.1.el7_8.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-57.0.1.el7_8.1.src.rpm
Description of changes:
[7.29.0-57.0.1.el7_8.1]
- Fix TFTP small blocksize heap buffer overflow
( https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:
30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
( https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison
( https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication
( https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf
( https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code
( https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds
( https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation
( https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies
( https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with #
( https://curl.haxx.se/docs/CVE-2016-8624.html)
[7.29.0-57.el7_8.1]
- http: free protocol-specific struct in setup_connection callback
(#1836773)
A curl bug fix and enhancement update has been released for Oracle Linux 7.
