[Oraclevm-errata] OVMSA-2017-0059 Moderate: Oracle VM 3.3 curl security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Mar 30 16:34:16 PDT 2017
Oracle VM Security Advisory OVMSA-2017-0059
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
curl-7.19.7-53.el6_9.x86_64.rpm
libcurl-7.19.7-53.el6_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/curl-7.19.7-53.el6_9.src.rpm
Description of changes:
[7.19.7-53]
- treat Negotiate authentication as connection-oriented (CVE-2017-2628)
[7.19.7-52]
- fix a bug in DNS caching code that causes a memory leak (#1302893)
[7.19.7-51]
- SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL (#1260742)
[7.19.7-50]
- use the default min/max TLS version provided by NSS (#1289205)
[7.19.7-49]
- prevent NSS from incorrectly re-using a session (#1269660)
- prevent test46 from failing due to expired cookie (#1277551)
[7.19.7-48]
- SSH: do not require public key file for user authentication (#1260742)
[7.19.7-47]
- make SCP/SFTP work with --proxytunnel (#1258566)
More information about the Oraclevm-errata
mailing list