[Oraclevm-errata] OVMSA-2016-0056 Oracle VM 3.2 curl security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:04:41 PDT 2016


Oracle VM Security Advisory OVMSA-2016-0056

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
curl-7.15.5-17.el5_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/curl-7.15.5-17.el5_9.src.rpm



Description of changes:

[7.15.5-17]
- fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)

[7.15.5-16]
- fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)

[7.15.5-15]
- introduce the --delegation option of curl (#746849)

[7.15.5-14]
- fix stack smashing in the FTP implementation (#652557)
- fix proxy kerberos authentication (#657396)
- update running_handles counter properly in curl_multi_remove_handle (#688871)

[7.15.5-13]
- add a new option CURLOPT_GSSAPI_DELEGATION (#723643)

[7.15.5-12]
- do not delegate GSSAPI credentials (CVE-2011-2192)

[7.15.5-11]
- avoid use of uninitialized variable on failure of a LDAP request (#655073)

[7.15.5-10]
- proxy tunnel support for LDAP requests (#655073)



