[Oraclevm-errata] OVMSA-2017-0059 Moderate: Oracle VM 3.3 curl security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Mar 30 16:34:16 PDT 2017

Oracle VM Security Advisory OVMSA-2017-0059

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- treat Negotiate authentication as connection-oriented (CVE-2017-2628)

- fix a bug in DNS caching code that causes a memory leak (#1302893)

- SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL (#1260742)

- use the default min/max TLS version provided by NSS (#1289205)

- prevent NSS from incorrectly re-using a session (#1269660)
- prevent test46 from failing due to expired cookie (#1277551)

- SSH: do not require public key file for user authentication (#1260742)

- make SCP/SFTP work with --proxytunnel (#1258566)

More information about the Oraclevm-errata mailing list