[El-errata] ELSA-2024-1601 Moderate: Oracle Linux 8 curl security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Apr 5 01:42:47 UTC 2024
Oracle Linux Security Advisory ELSA-2024-1601
http://linux.oracle.com/errata/ELSA-2024-1601.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
curl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-7.61.1-33.el8_9.5.i686.rpm
libcurl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-devel-7.61.1-33.el8_9.5.i686.rpm
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm
aarch64:
curl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//curl-7.61.1-33.el8_9.5.src.rpm
Related CVEs:
CVE-2023-28322
CVE-2023-38546
CVE-2023-46218
Description of changes:
[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)
More information about the El-errata
mailing list