[El-errata] ELSA-2020-5002 Moderate: Oracle Linux 7 curl security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 12 08:04:32 PST 2020


Oracle Linux Security Advisory ELSA-2020-5002

http://linux.oracle.com/errata/ELSA-2020-5002.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
curl-7.29.0-59.0.1.el7_9.1.aarch64.rpm
libcurl-7.29.0-59.0.1.el7_9.1.aarch64.rpm
libcurl-devel-7.29.0-59.0.1.el7_9.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-59.0.1.el7_9.1.src.rpm



Description of changes:

[7.29.0-59.0.1.1]
- Fix TFTP small blocksize heap buffer overflow 
(https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 
30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers 
(https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison 
(https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication 
(https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf 
(https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code 
(https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds 
(https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation 
(https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies 
(https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # 
(https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.1]
- avoid overwriting a local file with -J (CVE-2020-8177)





More information about the El-errata mailing list