[Oraclevm-errata] OVMSA-2016-0056 Oracle VM 3.2 curl security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Jun 21 10:04:41 PDT 2016
Oracle VM Security Advisory OVMSA-2016-0056
The following updated rpms for Oracle VM 3.2 have been uploaded to the
Unbreakable Linux Network:
x86_64:
curl-7.15.5-17.el5_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/curl-7.15.5-17.el5_9.src.rpm
Description of changes:
[7.15.5-17]
- fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)
[7.15.5-16]
- fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
[7.15.5-15]
- introduce the --delegation option of curl (#746849)
[7.15.5-14]
- fix stack smashing in the FTP implementation (#652557)
- fix proxy kerberos authentication (#657396)
- update running_handles counter properly in curl_multi_remove_handle
(#688871)
[7.15.5-13]
- add a new option CURLOPT_GSSAPI_DELEGATION (#723643)
[7.15.5-12]
- do not delegate GSSAPI credentials (CVE-2011-2192)
[7.15.5-11]
- avoid use of uninitialized variable on failure of a LDAP request (#655073)
[7.15.5-10]
- proxy tunnel support for LDAP requests (#655073)
More information about the Oraclevm-errata
mailing list