[El-errata] ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Nov 6 15:06:05 PST 2018
Oracle Linux Security Advisory ELSA-2018-3157
http://linux.oracle.com/errata/ELSA-2018-3157.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.29.0-51.el7.x86_64.rpm
libcurl-7.29.0-51.el7.i686.rpm
libcurl-7.29.0-51.el7.x86_64.rpm
libcurl-devel-7.29.0-51.el7.i686.rpm
libcurl-devel-7.29.0-51.el7.x86_64.rpm
nss-pem-1.0.3-5.el7.i686.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-pem-1.0.3-5.el7.src.rpm

Description of changes:

curl
[7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)

[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang

[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)

[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)

[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)

nss-pem
[1.0.3-5]
- update object ID while reusing a certificate (#1610998)